According to Check Point Research, fraudsters have earned about $500,000 in cryptocurrencies in a new type of phishing campaign. Instead of using fake emails to lure naive individuals, scammers bought Google Ads placements and used them to advertise fake websites that should look like well-known e-wallets like the Phantom App and Meta Mask.
Check Point Research showed in its report how fraudsters changed the URL but kept other information in e-wallets. A Google search for Phantom would show a real phantom.app, but also a fake address – phanton.app, for example. Everything related to the Google result would look real, except for the URL, and it would also be displayed at the top of the search, because paid campaigns appear in it.
From that point on, phishing functioned as it would in more traditional phishing via email. Users were able to enter their passphrase for a real wallet on a fake website, handing over their credentials directly to fraudsters, writes Entrepreneur. If they made a new wallet, they would get a secret phrase to recover from the fraudster, and then they would use it to apply for a fake account, transferring funds to the wrong actor in the process. MetaMask even gave users the ability to import existing wallets.
Check Point Research cross-referenced Reddit and found that $500,000 was stolen last weekend alone. The company also found 11 compromised wallet accounts containing cryptocurrencies worth $1,000 to $10,000.
Users are advised not to click on Google ads and to double-check all URLs before entering their credentials in their wallet.