Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
Data from Google Ads combined with blockchain analytics indicates that more than $4 million has been taken from users who have fallen victim to deceptive phishing websites advertised on Google.
As reported by Web3 anti-scam service ScamSniffer, deceptive advertisements for phishing sites have been widespread in Google ad searches in recent weeks. The links direct users to fraudulent sites that request wallet login signatures, thereby compromising users’ addresses.
1/ A recent increase in phishing scams through Google search ads has resulted in users losing around $4 million.
ScamSniffer has examined several instances where users clicked on harmful ads and were led to fraudulent websites.#PhishingScams #GoogleAds pic.twitter.com/vuKCgSuFnV— Scam Sniffer (@realScamSniffer) April 27, 2023
A variety of decentralized finance protocols, websites, and brands, such as Zapper.fi, Lido, Stargate, DefiLlama, Orbiter Finance, and Radiant, have been targeted by fraudsters. Minor alterations to official URLs make it challenging for users to recognize that they have clicked on harmful links.
Examination of metadata from several phishing websites in question has been traced back to advertisers based in Ukraine and Canada. The individuals responsible for placing these malicious ads employ various tactics to circumvent Google’s ad review process. This includes manipulating the Google Click ID parameter, which enables attackers to display a legitimate webpage during Google’s ad review.
Related: Crypto phishing attacks increased by 40% in one year: Kaspersky
Related Posts
Other harmful advertisements utilize anti-debugging techniques to redirect users with developer tools activated to a legitimate website, while a direct click leads users to the malicious site. This also allows fraudsters to evade some of Google ads’ automated reviews.
On-chain data analysis from addresses associated with malicious websites promoted on Google, according to ScamSniffer’s database, indicates that $4.16 million has been taken from over 3,000 users in the past month.
The anti-scam service tracked on-chain fund flows to various exchanges and mixing services, including SimpleSwap, Tornado Cash, KuCoin, and Binance.
Utilizing advertising analysis platforms, ScamSniffer suggests that promoting crypto-related phishing websites is financially rewarding. The average cost per click for related keywords ranges from $1 to $2.
With an estimated conversion rate of 40% from 7,500 users clicking on harmful ads, scammers have invested approximately $15,000 in advertising, yielding a return on their malicious investments of 276%, given the $4 million stolen thus far.
A report from Russian cybersecurity and antivirus provider Kaspersky noted a rise in crypto-related phishing attacks throughout 2022, increasing by 40% year on year, with over 5 million phishing attempts recorded last year.
Magazine: US enforcement agencies are intensifying efforts against crypto-related crime
