Hackers are stealing your crypto money using Google Ads

Hackers using Google Ads phishing scam to steal crypto wallet money

With the steady surge in the Bitcoin exchange rate, more people and traders are embracing cryptocurrency than ever before. However, it has also attracted bad actors to prey on naive users to steal their hard-earned digital money.

In the latest instance, hackers are using fake crypto wallet websites resembling authentic cryptocurrency apps such as Phantom App, MetaMask, and Pancake Swap to lure people, reported cyber experts at Check Point Research.

What's more dangerous is that they are using legitimate Google Ads for the phishing scam to get their fake website ranked on top of the search result.  

For instance, they create a webpage with the genuine-looking logo of the company. Even the user interface such as the login window too looks identical to the original firm's website. 

When the user types in the username and password, the website never opens and asks people to type passphrases for verification. But, it won't open.  

Within a short time, criminals would use the stolen login credentials and lock the crypto wallet and steal the money.

In just a matter of days, several people have lost money close to $500,000 (approx. Rs 3,69,34,350) around the world.

"I believe we’re at the advent of a new cybercrime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email. In our observation, each advertisement had careful messaging and keyword selection, in order to stand out in search results. The phishing websites where victims were directed to reflected meticulous copying and imitation of wallet brand messaging. And what’s most alarming is that multiple scammer groups are bidding for keywords on Google Ads, which is likely a signal of the success of these new phishing campaigns that are geared to heist crypto wallets. Unfortunately, I expect this to become a fast-growing trend in cybercrime. I strongly urge the crypto community to double-check the URLs they click on and avoid clicking on Google Ads related to crypto wallets at this time," said Oded Vanunu, Head of Products Vulnerabilities Research at Check Point.

[Top] Fake Phantom app website and the original website [Below]. Credit: Check Point Research

Crypto wallet users have been warned to be cautious while logging in to websites. Double-check to see if the URL has 'HTTPS' or not. Also, never give away the passphrase if the website doesn't open and recheck whether the website is authenticated or not.

Besides users, it is also imperative for Google to be more stringent in terms of screening applications for ads from all users and making sure the background of the customer is checked before accepting requests to run ads on its search platform.

Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.