Recently people reported to fall for the trap of crypto phishing scam losing more than 4 million USD. The phishing scam involved Google Ads services. The incident took place over the platform where illicit actors were promoting malicious and fraudulent websites.
Web3 related anti-scam provider Scam Sniffer posted a tweet on Thursday, April 27, reporting the instance of phishing websites over Google ads searches. In its investigation, it found various cases of users ending up clicking on “malicious ads and were directed to fraudulent websites.”
These phishing websites are then said to bring wallet login signature requests and the wallet addresses belonging to the users get compromised.
Scam Sniiffer’s Twitter post noted, “Investigation into the keywords used by victims has uncovered numerous malicious ads at the forefront of search results.
Most users, unaware of the deceptive nature of search ads, click on the first available option, leading them to malicious websites.”
The malicious ads and websites were disguised behind the name of several popular crypto related entities. It included Zapper.fi, Stargate, Lido, Orbiter Finance, DeFiLlama and several others. Scammers made minimal changes in the URLs to look almost similar to the official ones. This makes it hard for users to differentiate between the original and the fake one, and the contingency leads them to click on some malicious links.
Around 3,000 people fell prey to these malicious ad websites and collectively lost over 4.16 million USD worth capital, according to data analysis of wallet addresses.
The probing over these phishing scammers lead the Scam Sniffer to exchanges and mixing platforms. Scammers used platforms like SimpleSwap, Tornado Cash, KuCoin, etc. to process the stolen money.
In its Twitter thread, the anti-scam platform also elaborated the cost behind the promotion of phishing websites. The associated keywords, as it found in its research, holds the average value of 1 USD to 2 USD according to cost per click (CPC).
Doing the math, 7,500 users falling for the scam after clicking the fake advertisement and taking the conversion rate to 40%, scammers would have spent about 15,000 USD. In return, the investment has given a return of up to 276% making the stolen assets worth 4 million USD.
The anti-scam provider also iterated cautionary advice while using search engines like Google and suggested blocking the contents showcased in the advertising section.
Source: https://www.thecoinrepublic.com/2023/04/27/phishing-websites-disguised-as-crypto-urls-on-google-ads-erodes-4m/