Image Courtesy; iNews
Those who are unfamiliar with bitcoin may not fully comprehend how the virtual currency operates. Many people will use Google and other search engines to look for answers to questions like “What is cryptocurrency?” “How do I buy Bitcoin?” and “What is a crypto exchange?” are two frequently asked questions. Knowing that not everyone understands how it works, criminals preyed on crypto newcomers with a phishing scheme that resulted in over $500,000 in losses, according to Check Point Research.
According to James Vincent of The Verge, “an attacker buys Google Ads in response to searches for popular crypto wallets (that’s the software used to store cryptocurrency, NFTs, and the like).”
Following that, crypto-novices who perform a Google search for related terms are sent to a phishing site rather than a valid URL. “CPR researchers discovered many phishing websites that looked just like the real thing since the thieves mimicked the design. “We discovered phishing variations like phanton.app or phantonn.app, or even alternative extensions like “.pw” and more for the domain “phantom.app,” the Phantom wallet’s official site,” noted CPR researchers Dikla Barda, Roman Zaikin, and Oded Vanunu.
The searcher will then be asked to input their credentials (which the scammers will steal and use to transfer funds to their own wallets) or they will be given a recovery password that logs them into the scammer’s wallet (and any additional monies will go into that wallet rather than their own).
According to Search Engine Land, Google Ads modified its bitcoin ad regulations in June, making them more stringent and requiring certification. “Google’s policies on crypto exchanges and wallets have recently gone back and forth. Google initially banned crypto advertising in early 2018, but later reversed its decision later that year.”