Crypto scammers stole over USD500,000 using Google Ads and phishing websites

If you’ve been around the cryptocurrency sphere for a while now, you might’ve heard of the Solana SOL token. Its value has been on the rise recently, with the SOL token having climbed over 15,000% this year alone. This means that more and more people are looking at getting into Solana. However, this has also led to it being used in many a phishing scam.

A recent post from the r/solana subreddit highlights the rising trend of Solana-related scams, where users looking to use the Phantom wallet, the most popular wallet for storing SOL tokens, inadvertently use or download a fake wallet link which will then take their tokens. Following this, the firm Check Point Research did some more digging and found out that a bunch of these campaigns worked via search engine ads.

Notice the fake domain

For instance, if you were to look up Phantom on Google with the intention of creating a new wallet, you may get suggested links for phishing sites made to look like the official Phantom website, typically by having one or two letters changed in the domain. These would get placed above the actual Phantom website by Google thanks to scammers using Google ad campaigns targeting those who search up Phantom.

Once a user unwittingly clicks the ad, they would see a website designed very similarly to the official Phantom wallet site, complete with an option to create a new wallet. Doing so leads to a page asking for users to remember a ‘secret recovery phrase’ for security reasons, but it’s not actually for their own wallet. Instead, it’s the recovery phrase for the scammer’s own wallet. The phishing site then proceeds to ask the user for their password too.

Upon completion of the sign-up process on the fake Phantom website, it redirects the user to the real Phantom website, which asks them to add the Phantom extension to their Google Chrome browser for easy access and transfer. However, because the sign-up process was done on a fake Phantom website, the user will essentially be transferring their cryptocurrency into the scammer’s wallet.

Unfortunately, this has also been going on with MetaMask, a popular wallet for Ethereum. Similar to the modus operandi for the Phantom scam, attackers will create a Google Ads campaign targeting those searching for MetaMask, and place their own fake website above the official website in the Google results. Here, the scammer will try to steal the user’s personal key to hijack their MetaMask wallet. Check Point have also created a video showing more examples of hackers using Google Ads campaigns to target cryptocurrency users.

Check Point advises users, especially cryptocurrency novices, to be careful when creating or accessing their wallets. They note that only the extension would create your special passphrase, and so you should always check the browser URL for both an extension icon and the chrome-extension prefix.
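The two checks described above, the chrome-extension prefix and a domain with one or two letters changed, can be expressed as a small URL classifier. This is an added example, not code from the article or from Check Point; the official domains `phantom.app` and `metamask.io`, the function names and the sample URLs are assumptions made for illustration.

```javascript
// Added example. OFFICIAL_SITES is an assumption: the article does not list the domains.
const OFFICIAL_SITES = ["phantom.app", "metamask.io"];

// Levenshtein edit distance (insert, delete, substitute), keeping two rows.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify the address-bar contents of a page that offers to create a wallet.
function classifyWalletUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return "invalid"; }
  // Only the installed extension generates the recovery phrase.
  if (url.protocol === "chrome-extension:") return "extension-page";
  if (url.protocol !== "https:") return "not-https";
  const host = url.hostname.toLowerCase().replace(/^www\./, "");
  if (OFFICIAL_SITES.some((s) => host === s || host.endsWith("." + s))) {
    return "official-site";
  }
  // Any host label within two edits of a wallet brand name, on a host that is
  // not official, is treated as a lookalike (covers swapped letters and TLDs).
  const brands = OFFICIAL_SITES.map((s) => s.split(".")[0]);
  const labels = host.split(".");
  const near = labels.some((l) => brands.some((b) => editDistance(l, b) <= 2));
  return near ? "lookalike" : "unrelated";
}

// A recovery phrase shown anywhere but an extension page is a red flag,
// even on the official website.
function mayShowRecoveryPhrase(raw) {
  return classifyWalletUrl(raw) === "extension-page";
}

// Constructed sample URLs (not taken from the article).
for (const u of [
  "chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/onboarding.html",
  "https://phantom.app/",
  "https://www.phanton.app/download",
]) console.log(classifyWalletUrl(u).padEnd(15), u);
```

The chrome-extension prefix only shows that some extension is serving the page; comparing the extension ID in the URL against the one listed in the Chrome Web Store is a stricter check.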

It should also be noted that the responsibility shouldn’t just lie with the victim. One question that needs to be asked is how did these ads get approved by Google in the first place? Taking a look at Google’s own support page for the ad review process, once an ad campaign is created with Google, the ad is processed automatically and within a day will either be approved or disapproved. This isn’t the first time they’ve allowed such crypto scams to appear on their platform either, as Steve Wozniak had previously sued YouTube and Google after they allowed videos that used his likeness to promote scam cryptocurrencies.

That being said, such ads are of course against Google’s advertising policies. The prohibited practices in their policies include abusing the ad network to promote content that contains malware and ‘cloaking’, which is to hide the true destination that users are being sent to. In this case, it’s clear that the ads were cloaking, as they pretended to be the Phantom wallet to dupe unsuspecting victims. Google in this case needs to look at their own ad review process and see how such ads were approved before more users fall victim to this scam.

Of course, this would not be the first time hackers have used ad campaigns online to target unsuspecting users either. Facebook for example has long been used by scammers to promote fake news articles and ads where prominent people are featured, with claims that they’re now promoting a new cryptocurrency or something similar. Again, it seems that the social media platform was happy to accept payment from these scammers to boost the reach of their fake news, even at the risk of Facebook users.

As such, Malaysians are again advised to never click on these links and to always check your links and apps before giving away such crucial information. You can never be too careful, especially when dealing with your valuable materials.
