Recently, scammers utilized a new form of phishing campaign that did not require emails to steal roughly $500,000 in cryptocurrencies from wallets. According to reports, the criminal actors paid for Google Ads placements for their phoney websites imitating prominent wallets like Phantom App and MetaMask. The malicious websites feature URLs that are similar to the original, such as “phantonn.app” — the genuine service’s URL is “phantom.app” — and exact design elements similar to the real wallets.
If the victim visits the fake page and enters their password, the fraudsters will take it. If the victim creates a new wallet via the bogus website, they will be handed the attacker’s secret recovery phrase. If they use the recovery word to log in, they will be logging into the bad actor’s account, and any funds made to it will be transferred to the scammer. The false website offers the ability to import an existing wallet for MetaMask in particular. Since this necessitates the use of a seed phrase, the fraudsters will have access to it as well.
The report says, the Phantom App and MetaMask are two of the most used Solana and Ethereum wallets. And it verified or used Reddit forums to determine that roughly half a million dollars were taken in the recent scam, and it discovered 11 hacked wallet accounts with cryptocurrency worth $1,000 to $10,000. Before discovering the wallets, the fraudsters had already withdrawn cash from them.
The report also says, scamming organizations are already bidding on keywords on Google Ads, demonstrating how efficient the strategy is. It is now encouraging consumers to carefully inspect the wallet’s URL and to avoid Google Ads results entirely in order to avoid falling for the scam unintentionally.
- Google Introduces AI Mode: A Game-Changer for Search - March 12, 2025
- Security Researchers Find DeepSeek Security Vulnerabilities - February 6, 2025
- Tech Giants Unite to Tackle Child Safety Online with ROOST - January 11, 2025
