Phishing scam via Google search ads stole over $4M from users

Getting your Trinity Audio player ready...

Data from on-chain analytics platforms indicate an uptick in malicious phishing websites promoted using the Google search engine, triggering losses of over $4 million for users.

According to a report from Scam Sniffer, the bad actors pay for Google (NASDAQ: GOOGL) ads to rank first on search results for several keywords that urge users to enter their wallet login details on the websites. The websites appear to be clone versions of popular decentralized finance (DeFi) platforms like Zapper, Lido, Orbiter Finance, Radiant, Stargate, and DefiLlama.

1/ 🚨 A recent surge in phishing scams via Google search ads has led to users losing approximately $4 million.
ScamSniffer has investigated multiple cases where users clicked on malicious ads and were directed to fraudulent websites.#PhishingScams #GoogleAds pic.twitter.com/vuKCgSuFnV

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) April 27, 2023

Scam Sniffer remarks that the bad actors rely on several strategies to beat the Google ad review process, such as parameter distinction and debugging prevention. Upon a closer inspection of the metadata of the ads, Scam Sniffer opines that the scammers could be operating out of Canada or Ukraine.

The bulk of the theft took place over the last 30 days, with a little over 3,000 victims being affected by the scheme. On-chain analysis indicates the funds were transferred to several exchange and mixing platforms, including SimpleSwap, Binance, KuCoin, and Tornado Cash, in the hopes of laundering the funds.

Scam Sniffer notes that the scammers may have sunk around $15,000 in Google ads, and given the $4 million haul, their initial investments resulted in astronomical gains of over 10,000%. According to Google rules, the average cost per click for the keywords hovers between $1 to $2 with Scam Sniffer using the estimated conversion rate of 40% from 7,500 users.

“These malicious ads successfully deceive Google’s ad review process through technical means and disguises, resulting in their visibility to users and causing significant harm,” the report read. “To minimize the risk of falling victim to such scams, users should exercise caution when using search engines and actively block content in the advertising area.”

Scam Sniffer suggested that Google integrates a Web3-based phishing website detection engine on its platform and regularly monitors the landing pages of ads to prevent parameter distinctions.

Rise of phishing scams

Russian cybersecurity firm Kaspersky revealed in a 2022 report that digital currency phishing attacks are growing in regularity by a staggering 40%. In 2022 alone, law enforcement authorities recorded over five million phishing attacks worldwide, with the U.S. and Australia being the biggest victims.

The rise of phishing scams has been attributed to the decline in digital currency investment scams following a prolonged “crypto winter.” In addition to phishing scams, pig butchering scams related to digital assets continue to gather steam as scammers feign romantic interests with potential victims.

Watch: Why blockchain regulatory oversight is important