On-chain analysis combined with Google Ads data shows that users who visited phishing websites advertised through Google Ads have lost over $4 million.
According to ScamSniffer, a Web3 anti-scam service provider, malicious advertisements for fraudulent websites have recently dominated Google Ads search results. The ad URLs lead to fraudulent websites that prompt wallet login signature requests which compromise users' addresses.
Scammers have targeted several decentralized finance (DeFi) protocols, websites, and brands, including Zapper.fi, Lido, Stargate, Defillama, Orbital Finance, and Radiant. Slight modifications to official URLs make it challenging for users to identify malicious links.
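One way a defender could triage ad landing URLs for the slight URL modifications described above; this is an added example, not code from ScamSniffer or any of the named projects. The allowlist entries other than Zapper.fi, the digit-swap table, the function names and the sample hosts are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of official domains; verify each entry with the project itself.
OFFICIAL = {"zapper.fi", "lido.fi", "defillama.com"}
# Constructed digit-for-letter swaps used in look-alike names; not exhaustive.
CONFUSABLE = str.maketrans("0135", "oles")


def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url):
    """Return (verdict, official_domain); verdict is official, lookalike or unknown.

    The URL must carry a scheme (https://...), otherwise no host is parsed.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for official in OFFICIAL:
        # Exact host or a true subdomain; the leading dot blocks "evilzapper.fi".
        if host == official or host.endswith("." + official):
            return "official", official
    # Candidate tokens: each DNS label, its hyphen-separated parts, and the label
    # with hyphens removed, all with digit swaps undone.
    tokens = set()
    for label in host.split("."):
        tokens.update(label.split("-") + [label.replace("-", "")])
    tokens = {t.translate(CONFUSABLE) for t in tokens if t}
    for official in sorted(OFFICIAL):
        brand = official.split(".")[0]
        limit = 1 if len(brand) < 8 else 2  # short names: tighter, fewer false hits
        if any(edit_distance(t, brand) <= limit for t in tokens):
            return "lookalike", official
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample hosts under the reserved .example TLD.
    for u in ("https://app.zapper.fi/", "https://zpaper.example/",
              "https://defi11ama.example/", "https://zapper.fi.login.example/"):
        print(u, classify(u))
```

A "lookalike" verdict is a lead for manual review rather than proof of fraud, since short brand names sit within one edit of unrelated words.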
Several of the fraudulent websites in question have been linked to Ukrainian and Canadian advertisers based on an analysis of their metadata. The individuals responsible for the malicious advertisements use various methods to circumvent Google’s ad review. This includes manipulating the Google Click ID parameter, which enables attackers to display a standard webpage during Google’s ad review.
Other malicious advertisements employ anti-debugging techniques to redirect users with developer tools enabled to a regular website, whereas a direct click leads to the malicious website. This also permits scammers to circumvent some of Google Ads’ automated evaluations.
ScamSniffer’s database of on-chain data from addresses linked to malicious websites advertised on Google suggests that over 3,000 users have had $4.16 million stolen in the past month.
The anti-scam service monitored the on-chain movement of funds to various exchanges and mixing services, such as SimpleSwap, Tornado Cash, KuCoin, and Binance.
Using advertising analysis platforms, ScamSniffer concludes that promoting crypto-related fraud websites is profitable. The average cost per click for the associated keywords is between $1 and $2.
Assuming a conversion rate of 40% from 7,500 users clicking on malicious advertisements, fraudsters have spent approximately $15,000 on advertising, which has yielded a 276% return given the $4 million stolen to date.
A report from the Russian cybersecurity and anti-virus provider Kaspersky forecasts a rise in crypto-related phishing attacks through 2022, with over 5 million phishing attacks identified in 2017.