In a new twist on phishing attacks, fake wallet registration sites listed advertisements on Google Ads and solicited wallet passphrases from wallet holders.
The attackers emulated platforms like Metamask and Phantom to make users think that their platforms were legitimate. Fake wallets were advertised with the names of genuine wallets, and users were tricked into downloading the fake wallets.
Same phishing attack, different platform
This fake wallet attack is just the latest incarnation of a phishing attempt, where users are tricked into divulging personal information by a bad actor posing as a legitimate entity. Now the medium is advertisements. The illegitimate sites looked very similar to their legitimate counterparts, which may have falsely allayed phishing fears. People familiar with wallets would have picked up on the next red flag, a request for a wallet passphrase. This request was acceded to by the victims, leading to the loss of their money. According to Check Point Research, a passphrase is instrumental in recovering a crypto wallet, and compromising this is more dangerous than giving out an account password.
Are crypto scam red flags too difficult to notice?
According to Checkpoint Research, popular wallets like Metamask and Phantom are browser extensions, not websites. If one is directed to enter a password on a supposed Metamask website, trouble is afoot. One has to be extra careful and perform due diligence before engaging the cryptocurrency world, especially when it comes to managing one’s wallet. It is not like a stolen credit card, where recourse is possible by contacting the bank that issued the card.
Google ads are not standard vehicles for phishing attacks, and they can be an example of an attack that hides in plain sight. The last major ad attack came about a year ago, where a user claimed to have lost $15k trying to participate in a bogus cryptocurrency sale of the Chinese CBDC. The user clicked on a Coindaq.io top-level URL, which then redirected to a site where funds were required to participate in the sale of the digital yuan. Google’s ad policy now prohibits advertisements for initial coin offerings, DeFi trading protocols, or ads that promote in some way the purchase, sale, or trade of cryptocurrencies. This policy would have protected the victim from their $15K loss. Wallets and exchanges which are licensed and where the products and ads comply with local law and where the account is certified by Google may advertise. Ads for cryptocurrency exchanges and wallets are allowed only in the USA.
What do you think about this subject? Write to us and tell us!
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.