Apr 27, 2023

$4 Million Stolen Through Phishing Scams on Google Ads

The prevalence of malicious phishing websites promoted on Google Ads has resulted in approximately $4 million being stolen from unsuspecting users.

According to Web3 anti-scam service provider ScamSniffer, malicious adverts for phishing websites have been popping up on Google searches in recent weeks. Those who click on the URLs are directed to fraudulent websites that prompt wallet login signature requests, compromising user addresses in the process.

ScamSniffer has investigated multiple cases where users have been duped into clicking on malicious ads, and they have identified a number of decentralized finance protocols, websites and brands that have been targeted, including Zapper.fi, Lido, Stargate, DefiLlama, Orbiter Finance and Radiant. Slight changes to official URLs make it difficult for users to recognize that they’ve clicked on malicious links.

Analysis of metadata from the phishing websites in question has been linked to advertisers located in Ukraine and Canada. The users responsible for placing the malicious adverts have been able to bypass Google’s ad review process by manipulating the Google Click ID parameter, which allows them to show a normal webpage during Google’s ad review. Additionally, some malicious adverts use anti-debugging methods to redirect users with developer tools enabled to a normal website, while a direct click takes users to the malicious website.

On-chain data analysis from addresses linked to malicious websites advertised on Google from ScamSniffer’s database suggests that $4.16 million has been stolen from over 3,000 users over the past month.

ScamSniffer has been able to trace the on-chain flows of funds to various exchange and mixing services, including SimpleSwap, Tornado Cash, KuCoin and Binance.

Using advertising analysis platforms, ScamSniffer has determined that the cost per click for associated keywords is between $1 to $2. Calculating a conversion rate of 40% from 7,500 users clicking on malicious adverts, scammers have spent around $15,000 on advertising, resulting in a return on their malevolent investments of 276%, given the $4 million stolen to date.

These figures are in line with a report from Russian cybersecurity and anti-virus provider Kaspersky, which highlighted an increase in crypto-related phishing attacks through 2022, up 40% year on year, with over 5 million phishing attacks identified last year.

The surge in malicious phishing scams serves as a reminder that users should always be vigilant when it comes to online security. It is important to take the necessary steps to protect yourself and your crypto assets, such as using a secure wallet, verifying URLs, and avoiding clicking on suspicious links.

In the web3 space, NFTs have become increasingly popular and many companies are looking to capitalize on the trend. To ensure the success of their NFTs, companies need to ensure that they are utilizing effective NFT marketing strategies. This includes using social media platforms such as Twitter to promote their NFTs and engaging with a NFT marketing agency that specializes in web3 marketing. Additionally, companies should use the right tools and resources to help them sell their NFTs. By taking the right steps, companies can maximize their chances of success in the NFT space.

Disclaimer: All investment or financial opinions expressed by MoonLanding Media are not recommendations and are intended for entertainment purposes only. Do your own research prior to making any kind of investment. This article has been generated based on trending topics, has not been fact checked and may contain incorrect information. Please verify all information before relying on it.