A new scam has come to light, where cybercriminals are using Google Ads to steal cryptocurrency wallets. Scammers are placing ads at the top of Google Search that imitates popular wallet brands, such as Phantom and MetaMask, to trick users into giving up their crypto wallet passphrase and private key, research by Check Point Research (CPR) reveals.
CPR, in its blogpost notes that to lure their victims, scammers placed Google Ads at the top of Google Search that imitated popular wallets and platforms. The company estimates that over $500k worth of crypto was stolen in a matter of days.
How the scam works
Scammer implants a Google Ad to appear first on a search query related to a crypto wallet. After the victim clicks on the malicious link that appeared as Google Ads, the victim is navigated to a phishing website that looks identical to the original wallet website.
The fake website now attempts to steal your passphrase, if you already have a wallet; or will provide you with a new passphrase for your newly created wallet. In both ways, the scammer gains access to your wallet and can proceed to steal all your cryptocurrency.
A passphrase creates an extra layer of security for your accounts and works like two-factor authentication for crypto-wallets. But if you hand it over to the cybercriminals, then your account gets compromised.
Oded Vanunu, Head of Products Vulnerabilities Research at Check Point, in a statement, said, “I believe we’re at the advent of a new cybercrime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email. In our observation, each advertisement had careful messaging and keyword selection, in order to stand out in search results. The phishing websites where victims were directed to reflected meticulous copying and imitation of wallet brand messaging. And what’s most alarming is that multiple scammer groups are bidding for keywords on Google Ads, which is likely a signal of the success of these new phishing campaigns that are geared to heist crypto wallets.”
How to stay safe
CPR urges the crypto community to stay on high alert and offers safety tips for people on how to stay protected.
1. Check the browser URL, before clicking any link. The padlock symbol needs to be there in the URL.
2. Look for the extension icon. The extension will contain an extension icon near it and a chrome-extension URL. Only the extension should create the passphrase, and to understand if this is an extension or a website always look at the browser URL.
3. Users should never give out their passphrase, no one should ever ask for that. And it should be used again only when installing a new wallet.
4. Skip the ads. If you are looking for wallets or crypto trading and swapping platforms in the crypto space, always look at the first website in your search and not in the ad, as these may mislead you to get scammed by the attackers.