Fake wallet registration sites have recently emerged, which provide advertisements on Google Ads and request wallet passphrases from users. The attackers mimicked platforms like Metamask and Phantom to seem more genuine. Fake wallets were distributed under the names of real wallets, fooling users into downloading them.
Same phishing attack, different platform
The latest version of a phishing scam, in which users are fooled into giving personal information by a bad actor impersonating a genuine business, is the fake wallet attack. Now it’s commercials that get you. The deceptive sites appeared to be identical to their legitimate counterparts, potentially allaying people’s fears about fraud. The next red flag would have been a request for a wallet passphrase, which is something that people with wallets would be familiar with. The victims agreed to this request, resulting in the loss of their money. According to Check Point Research, a passphrase is critical in recovering a crypto wallet, and compromising it is more dangerous than giving out an account password.
Is it truly difficult to recognize a crypto scam?
Popular wallets such as Metamask and Phantom are browser extensions, not websites, according to Checkpoint Research. If one is asked to supply a password on a purported Metamask website, there’s cause for concern. When it comes to wallet management, caution is advised; not like a stolen credit card, where the bank that issued the card may be contacted for options.
The use of Google advertisements to conduct phishing attempts is not typical, and they might serve as a prominent example of an attack that hides in plain sight. The most recent large ad fraud occurred about a year ago when a user stated that he or she had lost $15k attempting to join a fraudulent Chinese CBDC cryptocurrency sale. A user clicked on a Coindaq.io top-level URL, which redirected to a site where funds were required to take part in the sale of the digital yuan.
Google’s advertising policy now forbids advertisements for initial coin offerings, DeFi trading protocols, and ads that promote cryptocurrency purchases, sales, or trades in some manner. The user would not have lost their money if this policy had been in place. Advertisements for licensed wallets and exchanges that contain compliant goods and advertisements, as well as accounts that are certified by Google, may appear. Cryptocurrency exchanges and wallets are only permitted in the United States.
Click here for more Crypto news
***
