Google Ads data: $4M stolen through crypto phishing URLs

Data from Google Ads coupled with blockchain analytics reveals that over $4 million has been stolen from users that have fallen for malicious phishing websites promoted on Google.

According to Web3 anti-scam service provider ScamSniffer, malicious adverts for phishing websites have been prevalent on Google ads searches in recent weeks. The URLs lead to fraudulent websites that prompt wallet login signature requests that compromise users’ addresses.

A number of decentralized finance protocols, websites and brands, including Zapper.fi, Lido, Stargate, DefiLlama, Orbiter Finance and Radiant, have been targeted by scammers. Slight changes to official URLs make it difficult for users to identify that they’ve clicked on malicious links.

Analysis of metadata from a number of the phishing websites in question has been linked to advertisers located in Ukraine and Canada. The users responsible for placing the malicious adverts make use of a number of methods to bypass Google’s ad review process. This includes manipulating the Google Click ID parameter, which allows the attackers to show a normal webpage during Google’s ad review.

Related: Crypto phishing attacks up by 40% in one year: Kaspersky

Other malicious adverts use anti-debugging methods to redirect users with developer tools enabled to a normal website, while a direct click takes users to the malicious website. This also allows scammers to bypass some of Google ads’ machine reviews.

On-chain data analysis from addresses linked to malicious websites advertised on Google from ScamSniffer’s database suggests that $4.16 million has been stolen from over 3,000 users over the past month.

The anti-scam service followed on-chain flows of funds to various exchange and mixing services, including SimpleSwap, Tornado Cash, KuCoin and Binance.

Making use of advertising analysis platforms, ScamSniffer suggests that the cost of promoting crypto-related phishing websites is lucrative. The average cost per click for associated keywords is between $1 to $2.

Estimating a conversion rate of 40% from 7,500 users clicking on malicious adverts, scammers have spent around $15,000 on advertising which has provided a return on their malevolent investments of 276%, given the $4 million stolen to date.

Based on the reported conversion rate of 40% from 7,500 users clicking on malicious adverts, it appears that scammers have spent about $15,000 on advertising. If they have managed to steal $4 million to date, their return on investment would be around 276%.

It is important to note that these figures are based on reported numbers and estimates, and may not represent the true extent of the scam. It is also essential for users to be cautious of any suspicious advertisements or messages and to take steps to protect their personal and financial information from scammers and cybercriminals. This includes using trusted antivirus and cybersecurity software, regularly monitoring accounts for signs of unauthorized activity, and being cautious of any unsolicited messages or requests for personal information.

A report from Russian cybersecurity and anti-virus provider Kaspersky highlighted an increase in crypto-related phishing attacks through 2022, up 40% year on year, with over 5 million phishing attacks identified last year.

it is not uncommon for cybercriminals to use phishing attacks to steal cryptocurrency and other digital assets. Phishing attacks involve tricking individuals into providing sensitive information such as passwords, private keys, or other authentication details through fraudulent emails, text messages, or other means of communication. With the increasing popularity of cryptocurrencies, it’s not surprising that these types of attacks are on the rise. It’s important for users to remain vigilant and take precautions to protect their digital assets, such as using 2-factor authentication, keeping passwords and keys secure, and staying informed about the latest phishing tactics and scams. Additionally, using reputable antivirus and cybersecurity software can provide an added layer of protection against these types of attacks.