Phishing scams in Google Ads led searchers to fake crypto wallets

Those who were duped lost over half a million dollars to cryptocurrency scammers.

What happened? “Attacker buys Google Ads in response to searches for popular crypto wallets (that’s the software used to store cryptocurrency, NFTs, and the like),” said James Vincent for The Verge.

From there, crypto-novices who search for related queries are served a Google Ad result that actually takes them to a phishing site instead of the legitimate URL. “Researchers from CPR spotted multiple phishing websites that looked like the original website because the scammers copied its design. For the domain “phantom.app”, the Phantom wallet’s official site, we encountered phishing variants like phanton.app or phantonn.app, or even different extensions like “.pw” and more,” wrote CPR researchers Dikla Barda, Roman Zaikin and Oded Vanunu.

After that, the searcher is instructed to enter their wallet credentials (which the scammers then steal, transferring the funds to their own wallets), or is handed a recovery (seed) phrase that logs them into a wallet the scammer already controls, so any funds they add will land in the scammer’s wallet instead of their own.
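The lookalike domains CPR describes (a typo in the second-level label such as phanton.app or phantonn.app, or the official name under a different TLD such as .pw) are the kind of thing an ad-review or brand-protection pipeline can catch mechanically, before a landing page is ever served. The following Python is an added example written for this page, not code from CPR, Google or Search Engine Land; the allow-list of legitimate wallet domains, the edit-distance threshold and the sample landing URLs are constructed assumptions.

```python
"""Triage ad landing URLs that impersonate a known crypto-wallet domain.

Added example: flags typosquats (phanton.app, phantonn.app), TLD swaps
(phantom.pw) and brand-as-subdomain tricks (phantom.app.secure-login.pw).
"""
from __future__ import annotations
from urllib.parse import urlparse

# Constructed allow-list. phantom.app is named on the page as the official
# Phantom site; metamask.io is an assumed second entry for illustration.
LEGIT_WALLET_DOMAINS = {"phantom.app", "metamask.io"}

# Edit distance at or below which a second-level label is treated as a typo
# of a legitimate one ("phanton" and "phantonn" vs "phantom"). The value 2
# is an assumption; tune it against your own false-positive rate.
MAX_TYPO_DISTANCE = 2


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def split_host(url: str) -> tuple[str, str, str]:
    """Return (subdomain, second-level label, tld) for the URL's host.

    Naive split on the last two labels: fine for .app/.io/.pw, wrong for
    multi-part public suffixes such as .co.uk (use a public-suffix list there).
    """
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return "", host, ""
    return ".".join(labels[:-2]), labels[-2], labels[-1]


def classify_landing(url: str) -> tuple[str, str]:
    """Classify a landing URL as ('legit' | 'lookalike' | 'unrelated', reason)."""
    sub, sld, tld = split_host(url)
    if not sld or not tld:
        return "unrelated", "no usable host"
    host = ".".join(p for p in (sub, sld, tld) if p)
    for legit in LEGIT_WALLET_DOMAINS:
        legit_sld, legit_tld = legit.rsplit(".", 1)
        # Exact domain or a genuine subdomain of it (www.phantom.app).
        if host == legit or host.endswith("." + legit):
            return "legit", f"{host} is on the allow-list"
        # Brand domain buried in the subdomain of another registered domain.
        if f".{legit}." in f".{sub}.":
            return "lookalike", f"{legit} used as a subdomain of {sld}.{tld}"
        # Same name, different TLD (the ".pw" variant the researchers saw).
        if sld == legit_sld and tld != legit_tld:
            return "lookalike", f"TLD swap of {legit}: .{tld} instead of .{legit_tld}"
        # Typo in the name itself (phanton, phantonn).
        dist = levenshtein(sld, legit_sld)
        if 0 < dist <= MAX_TYPO_DISTANCE:
            return "lookalike", f"{sld} is edit distance {dist} from {legit_sld}"
    return "unrelated", f"{host} resembles no allow-listed wallet domain"


def triage(urls: list[str]) -> dict[str, tuple[str, str]]:
    """Run classify_landing over a batch of ad landing URLs."""
    return {u: classify_landing(u) for u in urls}


if __name__ == "__main__":
    # Constructed sample of ad landing pages; the three lookalikes mirror the
    # variants named in the article.
    sample = [
        "https://phantom.app/",
        "https://www.phantom.app/download",
        "https://phanton.app/",
        "https://phantonn.app/login",
        "https://phantom.pw/",
        "https://phantom.app.secure-login.pw/restore",
        "https://example.com/",
    ]
    for url, (verdict, why) in triage(sample).items():
        print(f"{verdict:10} {url}  ({why})")
```

Only lookalike and unrelated verdicts need review; an exact allow-list hit is the only outcome that should let a wallet ad through without a human looking at it, and even then the landing page's content (the design-copying CPR mentions) still has to be checked separately, since a lookalike domain is only one of the signals the scammers give away.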

Google’s cryptocurrency ad policies. In June, Google Ads updated its cryptocurrency ad policies to be more stringent and to require certification, Search Engine Land reported. “Google has recently gone back and forth with policies around ads for crypto exchanges and wallets. In early 2018, Google originally banned crypto advertising, but rolled back that ban later in the same year.” The June 2021 policy update included the following measures and required compliance by August 2021:

Financial advertisers will need to check the following boxes to be able to advertise on Google Ads:

  • Be duly registered with
    • (a) FinCEN as a Money Services Business and with at least one state as a money transmitter; or
    • (b) a federal or state-chartered bank entity.
  • Comply with relevant legal requirements, including any local legal requirements, whether at a state or federal level.
  • Ensure their ads and landing pages comply with all Google Ads policies

“Advertisers must also be certified with Google,” says the current Google documentation regarding crypto exchanges.

Google’s comment. “This behavior directly violates our policies and we immediately suspended these accounts and removed the ads. This appears to be a malicious actor looking for ways to evade our detection. We are always adjusting our enforcement mechanisms to prevent these abuses,” a Google spokesperson told Search Engine Land.

In the company’s 2020 Ads Safety Report, it reported that it disabled 70% more accounts for ad policy violations than in 2019. “We also blocked or removed over 867 million ads for attempting to evade our detection systems, including cloaking, and an additional 101 million ads for violating our misrepresentation policies. That’s a total of over 968 million ads,” said Scott Spencer, Vice President of Ads Privacy & Safety.

Why we care. Not only is this a huge loss for those who may not be crypto experts, but it dilutes the legitimacy and work of those ad specialists who jumped through the hoops to follow Google Ads’ cryptocurrency policies. The phishing ads also risk instilling distrust in searchers toward ad results generally.