Google search results are being manipulated and fake websites are looking more and more like the legitimate ones.
As blockchain technology strides forward, it has not been spared of malicious, opportunistic entities looking to make quick bucks off investors. The cryptocurrency industry is particularly attractive—with users getting more active in online trading and storing their money in web exchanges, the potential incentives become worthwhile for predators. Initial coin offering (ICO) websites, trading platforms, exchanges, and online wallets are a primary target.
While there is a huge amount of money in the industry, security measures are also sophisticated, and its patrons are (somewhat) wiser. As such, stealing from tight defences requires equally sophisticated swindles—and this is exactly what scammers are on to.
A few months ago, crypto-investment platform Enigma’s followers were duped of 1,492 ETH (then amounting to close to $500,000) before the company launched their ICO after scammers spread Slack messages urging investors to visit a decoy website. Several users have lost money to phishing websites—sites that look like legitimate websites but are actually fake. If you use your credentials to log in through these scam websites, the thieves collect your password and clean out your accounts.
A report by Chainalysis outlines how rampant and utterly worrying cybercrime is, particularly on the Ethereum blockchain: “10% of Ethereum holdings marked for ICO investment lies in the hands of criminals. Chainalysis estimates that there have been approximately 30,000 victims of cybercrime on Ethereum losing on average $7,500 each.”
Much like an evolutionary adaptation race where the predator hikes up its tolerance of its prey’s defences, scammers are stepping up their game to prey on users as well. Scammers can now fiddle with Google results to put their fake website on top of search results, so they can lure people who are looking to log in to their exchange wallets. To complete their scheme, the fake website looks more and more like the legitimate ones.
As a countermeasure, it is best to verify and type in the web addresses of legitimate exchange websites and bookmarking them, instead of clicking at Google search results. To help the community out further, it is also important for users to report phishing websites to Google.