Crypto crooks steal over $500,000 using Google Ads and phishing websites


If you have been in the cryptocurrency arena for a while now, you may have heard of the Solana SOL token. Its value has increased recently, with the SOL token having climbed over 15,000% this year alone. This means that more and more people are considering buying into Solana. However, this has also made it a popular lure in phishing scams.

A recent post on the r/solana subreddit highlights the growing trend of Solana-related scams, in which users looking to use the Phantom wallet – the most popular wallet for storing SOL tokens – inadvertently follow a bogus wallet link or download a bogus wallet, which then takes their tokens. Check Point Research investigated further and found that many of these campaigns worked through search engine ads.

Notice the fake domain

For example, if you search for Phantom on Google with the intention of creating a new wallet, you may get suggested links to phishing sites designed to look like the official Phantom website, usually by changing a letter or two in the domain. Google places these above the actual Phantom website because the scammers run Google ad campaigns targeting people who search for Phantom.

Once a user unintentionally clicks on the ad, they see a website designed to look very similar to the official Phantom Wallet site, with an option to create a new wallet. This leads to a page asking the user to remember a “passphrase” for security reasons, but it is not actually for their own wallet. Instead, it is the recovery phrase for the scammer’s own wallet. The phishing site then also asks the user for their password.

At the end of the registration process, the fake Phantom website redirects the user to the real Phantom website, which asks them to add the Phantom extension to their Google Chrome browser for easy access and transfers. However, since the registration process was done on a fake Phantom website, the user will essentially be transferring their cryptocurrency to the scammer’s wallet.

Unfortunately, this has also happened with MetaMask, a popular wallet for Ethereum. Following the same modus operandi as the Phantom scam, the attackers create a Google Ads campaign targeting those who search for MetaMask and place their own bogus website above the official site in Google results. Here the scammer attempts to steal the user’s private key to hijack their MetaMask wallet. Check Point has also created a video showing more examples of hackers using Google Ads campaigns to target cryptocurrency users.

Check Point advises users, especially those new to cryptocurrency, to be careful when creating or accessing their wallets. They note that only the extension creates your passphrase, so you should always check the browser URL for an extension icon and the Chrome extension prefix.
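The two checks described above, the one-or-two-letter domain change and the extension URL prefix, can be automated. The following is an added example, not code from Check Point or the wallet projects; the allow-list of official domains, the `chrome-extension` scheme test and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: allow-list of official wallet sites; the page does not list them.
OFFICIAL = ("metamask.io", "phantom.app")

def edit_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) needed to turn a into b."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]

def classify(url, max_edits=2):
    """Label a URL as extension page, official site, lookalike, or unknown."""
    parts = urlsplit(url)
    if parts.scheme == "chrome-extension":
        return "extension"            # page served by an installed extension
    host = (parts.hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if host in OFFICIAL:
        return "official"
    for good in OFFICIAL:
        # "A letter or two" changed: close to an official name, but not equal.
        if 0 < edit_distance(host, good) <= max_edits:
            return "lookalike:" + good
    return "unknown"                  # not verified; this does not mean safe

# Constructed sample URLs, including a placeholder extension ID.
SAMPLES = [
    "https://phantom.app/",
    "https://phanton.app/create",
    "https://www.metamsak.io/",
    "chrome-extension://abcdefghijklmnopabcdefghijklmnop/onboarding.html",
    "https://example.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):<24} {u}")
```

A scam page on an unrelated domain comes back as `unknown`, so treat only `official` and `extension` as acceptable places to see or enter a recovery phrase.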

It should also be noted that the responsibility should not lie solely with the victim. One question that needs to be asked is how these ads were approved by Google in the first place. According to Google’s support page for the ad review process, once a campaign is created with Google, the ad is processed automatically and within one day it will either be approved or disapproved. This is also not the first time that Google has allowed such crypto scams to appear on its platforms: Steve Wozniak previously sued YouTube and Google for allowing videos that used his image to promote fraudulent cryptocurrencies.

That being said, such ads are of course against Google’s advertising policies. Among the practices prohibited in its policies are abusing the ad network to promote content containing malware, and “masking”, which involves hiding the true destination of an ad. Here it is clear that the ads were masked, as they pretended to be the Phantom wallet to fool unsuspecting victims. Google therefore needs to take a look at its own ad review process and find out how those ads were approved before more users fall victim to this scam.

Of course, it also wouldn’t be the first time that hackers have used online advertising campaigns to target unsuspecting users. Facebook, for example, has long been used by crooks to promote fake news articles and advertisements featuring prominent people, claiming that they are now promoting a new cryptocurrency or something similar. Again, it appears the social media platform was happy to accept payment from these scammers to increase the reach of their fake news, even at the risk of Facebook users.

As such, Malaysians are again advised never to click on such links and always to check links and apps before disclosing such crucial information. You can never be too careful, especially when dealing with your valuable assets.
