Cryptocurrencies have been growing in popularity in recent years, but they’re entirely unavoidable in 2021. Bitcoin has been jumping between record peaks and shocking lows, Dogecoin made a bunch of people rich, and Ethereum is powering the rise of NFTs. On the other hand, scammers are also taking advantage of unsuspecting crypto investors with slick scams.
Crypto scams take advantage of Google ads
According to Check Point Research, hundreds of investors have lost money while trying to download crypto wallets. As the researchers note, MetaMask and Phantom are two of the most popular wallets for Ethereum and Solana, respectively. They both offer browser extensions that make it easy to send and receive cryptocurrency. CPR reports that MetaMask has over 10 million users, so it’s no wonder that scammers have chosen to build an entire phishing scheme around the wallet.
Last weekend, CPR found multiple phishing websites that emulated the sites of popular crypto wallets. For example, the official website of the Phantom wallet is phantom.app. Scammers built websites with similar domains such as phanton.app, phantonn.app, and phantom.pw.
At this point, you may be wondering how anyone ended up on these fake websites in the first place. That’s what makes this scheme so unique. As CPR explains, scammers used Google ad campaigns to make their phishing sites appear in search results. Alarmingly, because they were ads, they showed up before the entries for the legitimate websites they were emulating.
How the scammers steal your cryptocurrency
If you searched for the keyword “phantom,” you might have seen an ad at the top of the results for phanton.app. Clicking through will take you to a page that looks like the actual Phantom wallet’s site. When you start to create a new wallet, the site will generate a secret recovery phrase. In reality, this is the recovery phrase for your scammer’s wallet. Finally, after making a password (which the scammer steals), saving, and continuing, you will be redirected to the real Phantom site.
On the legitimate site, Phantom will ask if you want to add the wallet extension to your Chrome browser. If you choose to do so, and use the phrase from the scammer, you will be logging into their wallet, not yours. If you attempt to transfer any funds, the scammer will steal the money.
Based on CPR’s research, scammers stole over $500,000 worth of cryptocurrency last weekend alone using tricks like these. There are similar phishing sites mocked up to look like MetaMask’s website. You can watch a video of the scam in action below so you know what to watch out for: