• Google Ads is the latest platform to be used to steal cryptocurrency in $500,000 phishing attacks

  • Fake wallet registration sites advertised on Google Ads and solicited wallet passcodes from wallet holders in a new twist on phishing attacks.

    To fool users into thinking their platforms were legitimate, the attackers imitated platforms such as Metamask and Phantom. Fake wallets were advertised with legitimate wallet names, and users were duped into downloading the fake wallets.

    The same phishing attack, but on a different platform

    This fake wallet attack is the latest iteration of a phishing attempt, in which users are duped into disclosing personal information by a bad actor posing as a legitimate entity. Advertisements are now the medium. The illegitimate sites appeared to be very similar to their legitimate counterparts, which may have allayed phishing fears. People who are familiar with wallets would have noticed the next red flag: a request for a wallet pass. The victims granted this request, resulting in the loss of their money. According to Check Point Research, a passcode is essential for recovering a crypto wallet, and compromising it is more dangerous than disclosing an account password.

    Is it too difficult to spot crypto scam red flags?

    Popular wallets such as Metamask and Phantom, according to Checkpoint Research, are browser extensions rather than websites. If a user is directed to enter a password on a phony Metamask website, there is a problem. Before entering the cryptocurrency world, one must be extra cautious and perform due diligence, especially when it comes to managing one’s wallet. It is not like a stolen credit card, where you can seek redress by contacting the bank that issued the card.

    Google ads are not typical vehicles for phishing attacks, and they can be an example of a hidden attack. The most recent major ad attack occurred about a year ago, when a user claimed to have lost $15k while attempting to participate in a bogus Chinese CBDC cryptocurrency sale. The user navigated to a Coindaq.io top-level URL, which led to a site where funds were required to participate in the sale of digital yuan. Ads for initial coin offerings, DeFi trading protocols, or ads that promote the purchase, sale, or trade of cryptocurrencies are now prohibited under Google’s ad policy. This policy would have covered the victim’s $15K loss. Wallets and exchanges that are licensed, whose products and advertisements comply with local law, and whose accounts are Google-certified may advertise. Only advertisements for cryptocurrency exchanges and wallets are permitted in the United States.

    What's your reaction?