Hackers are once again exploiting Google Ads to target Bitcoin wallet users.
In recent campaigns, attackers have used deceptive ads to lure users to lookalike domains—posing serious risks to cryptocurrency holders. Fortra Brand Protection has observed similar tactics used against banks and online gambling platforms over the past year.
The latest wave of attacks has focused on popular services like Blockchain and Kraken, drawing widespread attention across blogs and social media. One example: a Google search for “blockchain.info” returns a misleading ad for a spoofed domain, “blockchian.info” (see Figure 1).
Kraken has acknowledged the threat in a blog post and outlined steps it's taking to mitigate the risk.

Figure 1. Source: https://twitter.com/myetherwallet/status/766360476246618113
Phishing campaigns are increasingly using Google Ads to promote malicious lookalike domains.
When users search for their Bitcoin wallet service or bank, these deceptive ads appear at the top or sides of the results page. Clicking on one leads to a phishing site designed to mimic the legitimate brand, where victims may unknowingly enter login credentials and personal information — giving attackers direct access to their accounts.
While Google Ads phishing isn’t new, it continues to be a favored tactic against Bitcoin users and financial institutions. Google has acknowledged the issue and claims to regularly block malicious ads. However, recent campaigns show that these attacks are not only effective but are also outpacing Google’s ability to detect and remove them before users are compromised.
Because Google Ads is a cost-per-click (CPC) service, the hackers behind these campaigns are believed to have significant financing. The average CPC for a startup or new business is between two and five dollars but can increase dramatically to over ten times that. The hacker has to pay Google for each click. So if a victim clicks on the ad but does not fill out the phishing forms, the hacker receives none of the victim’s information to misuse later but still has to pay Google its fee. As such, the hacker would likely need significant upfront financing to run these types of scams.
Ways to avoid becoming victims of these types of scams include:
- Do not click on the ads themselves; use the links in the actual search results provided by your browser.
- Always double-check the grammatical accuracy of the advertisement.
- Hover over the link with your mouse to ensure the domains match before clicking.