There is a new kind of crypto fraud investors should be on the lookout for — scammers are using Google Ads to steal crypto wallets. Just this past weekend, Check Point Research says that more than $500,000 worth of cryptocurrency was stolen in a matter of days.
CPR warns of scammers placing ads at the top of Google Search that imitate popular wallet brands, such as Phantom, MetaMask and Pancake Swap, to trick users into giving up their wallet passphrase and private key.
Oded Vanunu, head of products vulnerability research at Check Point Software Technologies, told GOBankingRates that the amount stolen is not at all surprising and that Check Point believes that the amount of money increased since a few more hacking groups joined in.
Vanunu adds that this is the advent of a new cybercrime trend with Google search.
“Hacking groups are always looking for open windows to gain quick profits from crypto domains since it’s very hard to get back stolen money. Hacking groups always seek for very “innovative” ways to trick users on the crypto market.”
This is how the scam works: the scammer places a Google Ad to appear first on a search query related to a crypto wallet. Then, the victim clicks on a malicious link in Google Ad and is then navigated to a phishing website that looks identical to the original wallet website.
The fake website then attempts to steal your passphrase if you already have a wallet or will provide you with a passphrase for your newly created wallet. In both ways, the scammer gains access to your wallet and can steal all your cryptocurrency.
Vanunu said that he understands “that it is very confusing for a crypto novice and often they fall into such scams because they are not familiar with the applications they are installing.”
He adds, however, that users must keep in mind some important rules and recommends several steps for people to protect themselves.
First, he said that only the extension should create the passphrase.
“To understand if this is an extension or a website, always look at the browser URL,” he said.
Then, the extension will contain an extension icon near it and a chrome-extension URL. Users should never give out their passphrases. No one would ever ask for that. Plus, it is only used again when the user is installing a new wallet.
Also, when looking for wallets or crypt trading and swapping platforms in the crypto space, “always look at the first website in your search that is not an ad, as thes ads may mislead you to get scammed by the attackers,” he said. “Last but not least — always double-check the URLs!”
As GOBankingRates previously reported, 2020 was a record year for investment and cryptocurrency scams — with 26,500 cases reported to the government, resulting in a loss of $419 million — and 2021 is on pace to exceed those numbers. Indeed, according to a Motley Fool survey from July, 2021 will be a record year for investment fraud as 14,079 investment scams were reported to the Federal Trade Commission in the first quarter of 2021 and those victims lost $215 million. This represents about half of the total reported scams and losses in all of 2020, which suggests 2021 will be a record-setting year for investment scammers.
More From GOBankingRates
This article originally appeared on GOBankingRates.com: Crypto Fraud: Scammers Use Google Ads to Steal Crypto Wallets — How Can You Protect Yourself?