A new cryptocurrency scam that imitates ads from popular online wallets and platforms was discovered by cyber threat intelligence firm Check Point Research (CPR). The company estimates that over $500,000 worth of cryptocurrency was stolen in a matter of days.
In a blog post, CPR said that scammers are placing Google Ads that resemble well-known cryptocurrency platforms to trick users into giving up their crypto wallet passphrase and private keys.
Check Point Head of Products Vulnerabilities Oded Vanunu said that we are now at the “advent of a new cybercrime trend,” where cybercriminals are using Google Search instead of the traditional phishing emails.
Based on their observation, Vanunu noted that the advertisements have “had careful messaging and keyword selection” to stand out. In addition, the phishing websites where victims are directed to are meticulously copied from original websites of wallet brands.
Vanunu added in their report that the most alarming part of the scheme is that several groups are bidding for keywords on Google Ads. This signifies the success of this new phishing campaign.