Cybercriminals Bag $4 Million via Crypto Phishing Scams Promoted on Google

Recently, ScamSniffer, a Web3 anti-scam service provider, has been noticing a surge in malicious phishing ads popping up on Google searches.

According to ScamSniffer, these ads trick users into clicking on deceptive URLs directing them to fraudulent websites asking for wallet login signatures, thus compromising their addresses.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is a Bitcoin & How Does it work? (Animated Explainer)

SUBSCRIBE

ON YOUTUBE

The devious scammers have set their sights on multiple DeFi protocols, websites, and brands, such as Zapper.fi, Lido, Stargate, Defillama, Orbiter Finance, and Radiant.

By making small alterations to the official URLs, the attackers make it extremely difficult for users to recognize the malicious links they've clicked.

ScamSniffer's on-chain data analysis reveals that, in the past month, these fraudulent websites have defrauded over 3,000 users out of a staggering $4.16 million. The anti-scam service has traced the flow of stolen funds to various exchange and mixing services like SimpleSwap, Tornado Cash, KuCoin, and Binance.

Advertising analysis platforms show that promoting these crypto-related phishing sites is a lucrative venture.

The average cost per click for associated keywords ranges from $1 to $2. Assuming a 40% conversion rate from 7,500 users clicking on the malicious ads, the scammers have invested around $15,000 in advertising. Yet, they've managed to rake in a jaw-dropping 276% return on their investments.

Digging deeper into the metadata of these phishing websites, ScamSniffer has discovered links to advertisers based in Ukraine and Canada. These malicious actors employ various techniques to sidestep Google's ad review process, like manipulating the Google Click ID parameter to display a legitimate webpage during the review.

Additionally, some fake ads utilize anti-debugging methods to redirect users with developer tools enabled to a legitimate website. In contrast, a direct click lands users on the malicious site, allowing scammers to evade some of Google ads' machine reviews.

Cybercriminals are getting smarter, and their phishing tactics are evolving. It's crucial to stay vigilant and verify the legitimacy of websites before clicking on ads or entering sensitive information.