Data from Google Ads combined with blockchain analysis reveals that more than $4 million has been stolen from users who fell for a malicious phishing site promoted on Google.
According to ScamSniffer, a provider of Web3 anti-scam services, malicious ads promoting phishing sites have become prevalent in Google Search ads in recent weeks. These URLs point to fraudulent websites that prompt wallet login and signing requests, compromising users' addresses.
Many decentralized finance protocols, websites, and brands, including Zapper.fi, Lido, Stargate, DefiLlama, Orbiter Finance, and Radiant, have been targeted by scammers. Subtle changes to the official URL make it difficult for users to be sure whether the link they clicked is malicious. Metadata analysis of some of the phishing sites linked them to advertisers located in Ukraine and Canada. Those responsible for serving the malicious ads use a variety of methods to bypass Google's ad review process. One is manipulating the Google Click ID parameter, which lets attackers show a legitimate webpage during Google's ad review while sending real ad clicks to the phishing page.
Other malicious ads use anti-debugging methods: visitors with browser developer tools enabled are redirected to legitimate websites, while ordinary clicks take users to the malicious site. This also allows scammers to bypass the automated review that some Google ads receive.
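Because the lure in this campaign is a domain that looks almost like the real one, a useful defender-side check is to triage URLs (from ad landing pages, proxy logs, or user reports) against an allowlist of known-good domains and flag near misses. The example below is an added illustration and is not ScamSniffer's or Google's code. The allowlist entries are the official domains I believe belong to the brands named above (an assumption, not something the article states), the registrable-domain logic is a last-two-labels approximation rather than a public suffix list lookup, and every sample URL is constructed for the demonstration.

```python
"""Lookalike-domain triage for DeFi phishing ads.

Added illustrative example, not code from the article or from ScamSniffer.
ALLOWLIST holds assumed official domains; sample URLs below are constructed.
"""
import re
from urllib.parse import urlsplit

# Assumed official domains for the brands the article names (assumption).
ALLOWLIST = {
    "zapper.fi",
    "lido.fi",
    "stargate.finance",
    "defillama.com",
    "orbiter.finance",
    "radiant.capital",
}
# Brand words that should not appear as a label in an unrelated domain.
BRAND_TOKENS = {d.split(".")[0] for d in ALLOWLIST}

# Single-character substitutions that look alike in many fonts.
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})
# Multi-character sequences that are visually confusable.
_MULTI = (("rn", "m"), ("vv", "w"))


def normalize_host(host: str) -> str:
    """Lower-case the host, drop a leading www., and undo common homoglyphs."""
    h = host.lower().rstrip(".")
    if h.startswith("www."):
        h = h[4:]
    h = h.translate(_HOMOGLYPHS)
    for seq, repl in _MULTI:
        h = h.replace(seq, repl)
    return h


def registrable(host: str) -> str:
    """Approximate the registrable domain as the last two labels.

    Assumption: no public suffix list is used, so multi-part suffixes such as
    co.uk are not handled; good enough for a triage demo.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'allowlisted', 'lookalike', or 'unrelated' for a URL's host."""
    host = urlsplit(url).hostname or ""
    if registrable(host.lower().rstrip(".")) in ALLOWLIST:
        return "allowlisted"
    norm = normalize_host(host)
    norm_reg = registrable(norm)
    # Brand word used as a label anywhere in the host (e.g. lido.fi.example.tld).
    tokens = set(re.split(r"[.\-]", norm))
    if norm_reg in ALLOWLIST or tokens & BRAND_TOKENS:
        return "lookalike"
    # Small edit distance to a known-good domain (typo or dropped letter).
    if any(levenshtein(norm_reg, good) <= 2 for good in ALLOWLIST):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs; none are taken from the campaign.
    for sample in (
        "https://app.lido.fi/stake",
        "https://1ido.fi/",
        "https://lido.fi.example-login.com/",
        "https://defilama.com/",
        "https://example.org/",
    ):
        print(f"{classify(sample):12s} {sample}")
```

Anything classified as "lookalike" is a candidate for blocking at the proxy or for a takedown report, not a verdict on its own; the homoglyph table and the distance threshold of 2 are deliberately loose so that analysts review hits rather than the code silently deciding.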
An analysis of on-chain data from ScamSniffer's database of malicious website addresses linked to Google ads shows that $4.16 million was stolen from more than 3,000 users in the past month. The anti-scam service tracks the flow of the stolen funds on-chain to various exchanges and mixing services, including SimpleSwap, Tornado Cash, KuCoin, and Binance.
ScamSniffer used an ad analytics platform to show how lucrative promoting crypto-related phishing sites is relative to its cost. The average CPC for related keywords is between $1 and $2. With an estimated conversion rate of 40% among the 7,500 users who clicked on the malicious ads, the scammers spent approximately $15,000 on the ads, giving them a 276% return on investment given the $4 million stolen to date.
A report by Russian cybersecurity and antivirus provider Kaspersky highlighted that cryptocurrency-related phishing attacks increased in 2022, a year-on-year rise of 40%, with more than 5 million phishing attacks detected last year.