Google Ads Phishing Scam Stealing From Crypto Wallets
New Google Ads scam is stealing crypto wallets, a new research from Check Point Research (CPR) warns. The new scam has enabled wrongdoers to steal hundreds of thousands of dollars’ worth cryptocurrency in the past weekend.
According to the report, scammers are placing ads at the top of Google Search that imitate popular wallet brands, such as Phantom and MetaMask, to trick users into giving up their wallet passphrase and private key. Check Point Research estimates that over $500,000 worth of crypto was stolen in a matter of days.
In a new blog post, Check Point Research explains that attackers are using Google Search as an attack vector to target victims’ crypto wallets. It observed that hundreds of thousands of dollars’ worth of crypto was stolen from wallets by scammers. To lure their victims, scammers placed Google Ads at the top of Google Search that imitated popular wallets and platforms, such as Phantom App, MetaMask and Pancake Swap.
Each advertisement contained a malicious link that, once clicked, directed a victim into a phishing website that copied the brand and messaging of the original wallet website. From here, the scammers tricked their victims into giving up their wallet passwords, setting the stage for wallet theft.
Check Point Research urges the crypto community to stay on high-alert. The official domain “phantom.app” has several phishing variants like phanton.app or phantonn.app, or even different extensions like “.pw” and more. The report says that 11 compromised wallet accounts were discovered, each of them containing crypto worth $1,000. Check Point Research estimates that over $500,000 was stolen over the past weekend.
In order to protect crypto wallets from phishing sites, users must examine the browser URL and look for the extension icon. It is recommended to never give out passphrase to anyone. Also, it is recommended to skip the ads in Google Search and always opt for the first few websites in results.