Cryptocurrencies are fast gaining traction in the world of finance. In today's digital world, people are increasingly buying into the concept of cryptocurrency as a new mode for monetary transactions as well as for investments.
Regardless of what cryptocurrencies stand for to you on a personal level, it pays to be in the know of this thing they call digital money. KriptoSlots commits to bringing the latest news on this hot topic. Be sure to check this space regularly.
Source: India Today
Nov 8, 2021
Crypto scammers steal over Rs 3.7 crore in cryptocurrency by using Google Ads to fool people
Google Ads of phishing websites is being run on certain keywords related to crypto wallets, as per CPR
The fake websites imitate popular crypto wallets, fooling people into sharing their credentials on the website
A theft of over $500 thousand is being expected to have taken place over the past weekend through such scams
Scammers are using Google Ads to fool people into opening trick websites and stealing their cryptocurrency holdings. A new report by Check Point Research (CPR) sounds the alarm against such ads, highlighting that hundreds of thousands of dollars worth of cryptocurrency has been taken from victims within this past weekend.
CPR shares screenshots of such ads being run on Google search. It mentions that the Google Ads by scammers redirect people to phishing websites that imitate popular crypto wallets. The bogus website then attempts to trick visitors into sharing their wallet passphrase and private key. Once the scammers get the credentials, they siphon off the holdings in that particular crypto wallet.
As per CPR, multiple scamming groups are involved in the practice. It states that the scammers bid for cryptocurrency wallet-related keywords on Google Ads. This allows them to make their fake website appear right on top of the Google search results for those terms. The "Ads" marker is there for distinction but many users can easily be fooled into clicking on the wrong link for the website.
Some of the keywords that CPR has highlighted include popular wallets like Phantom, MetaMask and Pancake Swap. As can be seen in the screenshots shared by CPR, the ads redirect to a phishing website named exactly like the original crypto wallet, except for the extension. While the official website of the digital wallet Phantom is phantom.app, the bogus website being promoted by scammers on Google Ads redirects to phantom.gui or such extensions.
Once the scammers are successful in redirecting a visitor from Google Ads to their website, they attempt to steal their passphrase - an optional password for wallet security. In case the guest already has a crypto wallet, the website would ask them to enter the passphrase. In case they want to open a new one, the victim will be entering their passphrase for the first time ever, right on a scammer's notepad.
Through CPR's own investigation, a total of 11 wallet accounts were found to be compromised through these scams. Each of these accounts contained between $1,000 (about Rs 74 thousand) to $10,000 (about Rs 7.4 lakh). Some of these holdings were already siphoned off by the scammers, by the time the agency learnt about them.
CPR further compiled Reddit forums where victims of such scams have shared their experiences. All in all, CPR estimates that over $500 thousand, or around Rs 3.7 crore worth of cryptocurrency has been stolen by such scammers "in a matter of days." Warning the crypto community through the report, the agency mentions that users should always double-check the URLs of the websites they open. Also, it advises users to skip the websites that are featured under the Ads section upon searching for crypto-wallets.