A new fraud has surfaced in which attackers are stealing cryptocurrency wallets through Google Ads. According to Check Point Research (CPR), scammers are creating adverts at the top of Google Search that replicate prominent wallet companies like Phantom and MetaMask to deceive users into handing up their crypto wallet passphrase and private key.
In a blog post, CPR states that scammers used Google Ads at the top of Google Search to entice customers by imitating popular wallets and platforms. Over $500k worth of cryptocurrency was taken in a few of days, according to the company.
Scammer places a Google Ad at the top of a search query for a cryptocurrency wallet. The victim is directed to a phishing website that looks identical to the genuine wallet website after clicking on the malicious link that displayed as Google Ads.
If you already have a wallet, the bogus website will attempt to steal your pass; otherwise, it will offer you with a new pass for your freshly established wallet. The fraudster will obtain access to your wallet in either case and will be able to steal all of your cryptocurrency.
A pass adds an extra degree of security to your accounts and functions similarly to two-factor authentication for cryptocurrency wallets. However, if you give it to cybercriminals, your account will be hacked.
“I believe we’re at the dawn of a new cybercrime trend, where scammers will leverage Google Search as a key attack vector to target crypto wallets, rather than traditional phishing through email,” Oded Vanunu, Head of Products Vulnerabilities Research at Check Point, said in a statement. To stand out in search results, each advertisement had meticulous messaging and keyword selection, according to our observations. Victims were routed to phishing websites that were meticulously copied and imitated wallet brand messages. What’s more worrying is that various fraudster groups are competing for keywords on Google Ads, which is likely a hint of the new phishing tactics aimed at stealing crypto wallets’ success.”
How to Keep Yourself Safe
CPR advises the crypto community to remain vigilant and provides safety guidelines for those who want to keep safe.
1. Before clicking any link, double-check the URL in your browser. In the URL, the padlock symbol must appear.
2. Locate the icon for the extension. The extension will have a chrome-extension URL and an extension icon near it. Only the extension should create the password, and always check the browser URL to see if it’s an extension or a website.
3. Users should never give out their passwords to anyone who asks for them. It should only be used once more when setting up a new wallet.
4. Ignore the commercials. If you’re looking for wallets, crypto trading and swapping platforms in the crypto world, always look at the first website that comes up in your search, not the ad, as these might lead you astray and lead to a scam.