CybersecurityData LeakWindowsMacMobile
More ▾
CybersecurityData LeakWindowsMacMobileGamingProduct ReviewScam
Download Products
Home/News & Alerts/Scammers Use Google Ads to Steal $500,000 In Crypto

Scammers Use Google Ads to Steal $500,000 In Crypto

ByMichael MundellDecember 03, 2021

American-Israeli cybersecurity company Check Point has released a report detailing the discovery of the theft of over $500,000 worth of cryptocurrency using a clever Google Ads phishing scam.

The scammers impersonated popular cryptocurrency wallet websites and exchange platforms on Google Ads to trick people into entering their personal cryptocurrency-related credentials on fake websites. Once the scammers had their information, they were free to withdraw all the cryptocurrency in the victims’ accounts.

Some of the popular cryptocurrency platforms the scammers impersonated were Phantom, MetaMask, and PancakeSwap.

One of the fake Phantom ads
Source: Check Point Research
A MetaMask fake ad
Source: Check Point Research

As you can see from the screenshots above, the fake ads were highly convincing. It’s no wonder how the scammers were able to steal so much money using them.

A new twist on phishing scams


Whereas most phishing scams happen via email or SMS, with messages that are sent to potential victims essentially out of the blue, this one was a lot more cunning in its design. Ordinarily, people have no reason to not trust the links that appear in Google’s search results, so it’s easy to see why many people didn’t realize they were on copycat websites designed to steal their data.

Fake Phantom website
Source: Check Point Research
Real Phantom website
Source: Check Point Research

How the scam worked


Here’s an overview of how the scam worked:

1. Scammers create a fake Google Ad for a popular cryptocurrency platform. When someone searches for the cryptocurrency platform, the fake ad appears first in the search results.

2. The victim clicks on the fake Google Ad and is taken to a malicious copycat version of the cryptocurrency platform’s website.

3. The victim is prompted to enter their cryptocurrency wallet passphrase and private key on the malicious website. If they do so, the scammer will have access to them.

4. The scammer steals all the cryptocurrency from the victim’s cryptocurrency wallet.

How to protect yourself


Below are some tips to help you stay protected against these types of scams:

  • Don’t click on Google Ads — scroll down past the ads and click on the platform’s first non-ad link.
  • Check the website’s URL — while they appear perfectly normal as ads in Google’s search results, copycat websites will always have a different URL from their legitimate counterparts.
  • Never give out your passphrase — your passphrase should only be required when installing a new cryptocurrency wallet, so be extra cautious when giving it out.

Enjoyed this article?


Then you’ll definitely want to give these a read, too!

Canadian Teen Arrested for Allegedly Stealing $36m in Crypto Using SIM Swap Attack
Over Three Million User Addresses Leaked in CoinMarketCap Hack
Axie Infinity — The Game Taking the Cryptocurrency World by Storm

cryptocurrencycyber crimeCybersecuritygooglescam
Click each tag to explore related articles.
Trend Micro ID Protection
Copyright © 2021 Trend Micro Inc. 
All rights reserved.
Terms of UsePrivacy NoticeContact Us

This website uses cookies for website functionality, traffic analytics, personalization, social media functionality and advertising. Our Cookie Notice provides more information and explains how to amend your cookie settings.

Accept
Learn More