Phishing Scam Hijacked $50 mln in 3 Years With Google AdWords
February 16, 2018
Cisco security researchers have reported on a phishing scheme that stole cryptocurrency from Internet users. The criminals ran several sites that masqueraded as the popular online wallet Blockchain.info and promoted them through the Google AdWords service.
The two researchers, Dave Maynor and Jeremiah O'Connor, have published a post on this phishing scheme, called Coinhoarder. Cisco, together with the Ukrainian Cyberpolice department, has been investigating the case for the last six months. By their estimate, up to $50 mln in cryptocurrency has been stolen through the scheme over 3 years.
“The campaign was very simple and after initial setup the attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims,” they wrote. “This campaign targeted specific geographic regions and allowed the attackers to amass millions in revenue through the theft of cryptocurrency from victims. This campaign demonstrates just how lucrative these sorts of malicious attacks can be for cybercriminals”, the post says.
How did the scheme work? Quite simply: the phishers registered several domains with names resembling that of the popular wallet blockchain.info, for example block-clain.info or blockchien.info. This gave them a chance to mislead users who did not take notice of the site name. The criminals then bought ads through the Google AdWords service and pointed them at their phishing sites, thus gaining traffic.
Next, the users who fell for the scam, convinced they were dealing with the real online wallet, transferred their funds to the criminals’ accounts. According to the researchers, the scheme has been operating since 2015 and has generated dozens of millions of dollars in profit for its initiators. Cisco points out that the total sum stolen amounts to $50 mln.
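A defender-side check for the lookalike names described above, as an added example that is not from the article or from Cisco's post: it compares a domain's second-level label with that of blockchain.info using edit distance. The threshold, the function names and the sample list are assumptions; the two suspicious domains are the ones quoted in the article.

```python
PROTECTED = "blockchain.info"   # the legitimate wallet domain named in the article
MAX_DISTANCE = 2                # assumed threshold; tune it against your own traffic

# Constructed sample: the two lookalikes quoted in the article plus benign names.
SAMPLE = ["blockchain.info", "www.blockchain.info", "block-clain.info",
          "blockchien.info", "example.org"]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def brand_label(domain: str) -> str:
    """Second-level label, lowercased, hyphens dropped (assumes a one-label TLD)."""
    labels = domain.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    return label.replace("-", "")


def is_lookalike(domain: str, protected: str = PROTECTED) -> bool:
    """True for a near-miss of the protected name that is not the name itself."""
    name = domain.lower().rstrip(".")
    if name == protected or name.endswith("." + protected):
        return False  # the real site or one of its subdomains
    return osa_distance(brand_label(name), brand_label(protected)) <= MAX_DISTANCE


def review(domains):
    """Return (domain, distance) for every lookalike in the input."""
    target = brand_label(PROTECTED)
    return [(d, osa_distance(brand_label(d), target)) for d in domains if is_lookalike(d)]


if __name__ == "__main__":
    for domain, dist in review(SAMPLE):
        print(f"suspicious: {domain} (distance {dist} from {PROTECTED})")
```

The same check can be run over newly registered domains, ad landing URLs or proxy logs; hyphens are stripped first because a name such as block-clain.info would otherwise score further from the brand than it looks to a reader.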
“What is clear from the COINHOARDER campaign is that cryptocurrency phishing via Google Adwords is a lucrative attack on users worldwide”, Cisco claimed.