Google Ads Used in $4M Crypto Phishing Scam
Scammers have stolen over $4 million in cryptocurrency from users falling for phishing websites promoted on Google Ads, according to blockchain analytics by ScamSniffer. The fraudulent websites prompt wallet login signature requests that compromise users’ addresses, and have targeted decentralized finance protocols, websites and brands. Metadata from some of the phishing websites has been linked to advertisers in Ukraine and Canada, who bypass Google’s ad review process by manipulating the Google Click ID parameter and using anti-debugging methods. ScamSniffer estimates that scammers spent around $15,000 on advertising which provided a return on their investments of 276%, given the $4 million stolen to date.
A recent study by ScamSniffer, a Web3 anti-scam service provider, has revealed that scammers have stolen over $4 million in cryptocurrency from unsuspecting users through phishing websites promoted on Google Ads. The fraudulent websites prompt wallet login signature requests that compromise users’ addresses, and have specifically targeted decentralized finance protocols, websites, and brands, including Zapper.fi, Lido, Stargate, DefiLlama, Orbiter Finance, and Radiant.
The phishing websites use slight variations to official URLs, making it challenging for users to identify that they’ve clicked on malicious links. Analysis of metadata from some of the phishing websites shows that they are linked to advertisers in Ukraine and Canada, who employ several methods to bypass Google’s ad review process. This includes manipulating the Google Click ID parameter, allowing the attackers to show a normal webpage during Google’s ad review. Other malicious adverts use anti-debugging methods to redirect users with developer tools enabled to a normal website, while a direct click takes users to the malicious website. These tactics allow scammers to bypass some of Google Ads’ machine reviews.
On-chain data analysis from addresses linked to malicious websites advertised on Google from ScamSniffer’s database suggests that $4.16 million has been stolen from over 3,000 users in the past month. The anti-scam service provider followed on-chain flows of funds to various exchange and mixing services, including SimpleSwap, Tornado Cash, KuCoin, and Binance.
ScamSniffer also suggests that promoting crypto-related phishing websites is a lucrative business. The average cost per click for associated keywords is between $1 to $2, estimating a conversion rate of 40% from 7,500 users clicking on malicious adverts, scammers have spent around $15,000 on advertising which provided a return on their malevolent investments of 276%, given the $4 million stolen to date.
This news comes as Russian cybersecurity and anti-virus provider Kaspersky highlights a significant increase in crypto-related phishing attacks through 2022, with over 5 million phishing attacks identified last year, up 40% year on year.
It is essential for users to be vigilant and take precautions to protect their cryptocurrency. Users should avoid clicking on suspicious links, ensure their devices have up-to-date anti-virus software, use two-factor authentication (2FA) wherever possible, and use a reputable wallet with secure features.
Image source: Shutterstock
