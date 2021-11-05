Technology changes and evolves, but cyber scammers do too. Now, Instead of using email to send malicious links, they have chosen to use Google Ads.

According to information released by the cybersecurity company, Check Point Research, a group of cybercriminals used a new type of campaign of phishing, which does not use emails, to steal around $ 500,000 worth of cryptocurrency from wallets, just this past weekend.

The criminals bought Google Ads placements for their scam websites, which mimic popular wallets such as Phantom App and MetaMask. Malicious websites have a URL close to the original, such as “phantonn.app”, the URL of the real service is “phantom.app”, and they also have designs copied from the real business; a whole pirate version that, at first glance and before not very cautious eyes, may well pass for the real one.

When users visit the fake website and type their wallet password, the cybercriminals steal it. If the victim uses the fake website to create a new wallet, they will be given the attacker’s recovery password. In the event that they use such recovery password to log in, they will actually log into the cybercriminal’s account, and any transferred funds will go to the scammer.

In the case of MetaMask, in particular, the fake website has the option to import an existing wallet. Since doing so requires an initial password, scammers will also have access to it.

As Check Point Research explains, Phantom and MetaMask are some of the most popular wallets for Solana and Ethereum cryptocurrencies.

The cybersecurity company cross-referenced on Reddit forums to conclude that about half a million dollars was stolen just last weekend, and found 11 compromised wallet accounts containing cryptocurrencies worth between $ 1,000 and $ 10,000. The scammers had already withdrawn funds from those wallets before Check Point found them.

Check Point Research says that scam groups are now bidding on keywords in Google Ads, which is a testament to how effective the method is, which is why users are now advised to carefully examine the wallet URL, as well as the characteristics of the websites where they transact, to avoid falling for a hoax.

Too users are advised to skip Google Ads results completely – when it comes to wallet sites or cryptocurrency transactions, so as not to fall unknowingly into a scam.