A new scam has come to light, where cybercriminals use Google Ads to steal cryptocurrency wallets. Scammers are placing ads at the top of Google search that mimic popular wallet brands, such as Phantom and MetaMask, to trick users into giving up their crypto wallet password and private key, a Check Point investigation reveals. Research (CPR).
CPR, in their blog post, notes that to entice their victims, the scammers placed Google Ads at the top of Google Search that mimicked popular wallets and platforms. The company estimates that more than $ 500k in cryptocurrency was stolen in a matter of days.
How the scam works
The scammer implants a Google ad to appear first in a search query related to a crypto wallet. After the victim clicks on the malicious link that appeared as Google Ads, the victim is directed to a phishing website that looks identical to the original wallet website.
The fake website now tries to steal your password, if you already have a wallet; or it will provide you with a new password for your newly created wallet. Either way, the scammer gains access to your wallet and can proceed to steal all of your cryptocurrencies.
A passphrase creates an additional layer of security for your accounts and works as two-factor authentication for crypto wallets. But if you hand it over to cybercriminals, your account will be compromised.
Oded Vanunu, Head of Product Vulnerability Research at Check Point, said in a statement: "I believe we are seeing the advent of a new cybercrime trend, in which scammers will use Google Search as the main attack vector to reach to crypto wallets. from traditional phishing via email. In our observation, each ad had a careful selection of messages and keywords to stand out in search results. Phishing websites targeted at victims reflected meticulous copies and imitations of the wallet brand's messages. Most alarmingly, various scam groups are bidding on keywords in Google Ads, which is probably a sign of the success of these new phishing campaigns that are targeting to steal crypto wallets. "
How to stay safe
CPR urges the crypto community to stay on high alert and offers security tips for people on how to stay protected.
1. Check the URL of the browser before clicking any link. The padlock symbol must be in the URL.
2. Look for the icon for the extension. The extension will contain a nearby extension icon and a Chrome extension URL. Only the extension should create the passphrase, and to understand whether it is an extension or a website, always look at the URL of the browser.
3. Users should never give their password, no one should ask for it. And it should be used again only when installing a new wallet.
4. Skip the ads. If you are looking for cryptocurrency exchange and trading wallets or platforms in the cryptocurrency space, always look for the first website in your search and not the ad as these can mislead you and be scammed by attackers.
