The easiest scam to fall for: Detailed explanation of Google and Baidu's cryptocurrency fake advertising principles

php editor Youzi will analyze the easiest scam for you: a detailed explanation of the principle of Google Baidu cryptocurrency fake advertising. In recent years, the cryptocurrency market has been turbulent and attracted the attention of a large number of investors. However, some criminals use search engines such as Google and Baidu to place false advertisements and induce users to click on links to engage in fraudulent activities. This article will delve into the principles behind these scams, help readers identify traps, and improve network security awareness.

Original Text | ScamSniffer

Compilation | Wu Shuo Blockchain

Background

In recent weeks, ScamSniffer conducted a survey and found that many users were using Google Falling victim to a phishing scam while searching for ads. These users inadvertently clicked on malicious ads and were induced to visit fraudulent websites, resulting in serious financial losses.

Malicious Advertisements

The investigation found that a large number of malicious advertisements appeared at the top of the keyword search results used by the victims. Most users are unaware of how deceptive search ads can be and therefore often click on the first available option, which can lead them to fake and malicious websites.

Object of attack

Keyword analysis shows that some malicious ads and websites target projects such as Zapper, Lido, Stargate, Defillama, Orbiter Finance and Radiant. . Malvertising related to each keyword is summarized below.

Malicious Sites

When you encounter a malicious ad in Zapper, you may notice that it attempts to use a Permit signature to gain access to my $SUDO Authorization. If you use the Scam Sniffer plugin, you will receive timely alerts about potential risks.

Currently, many wallets do not have clear risk warnings for this kind of signature, and ordinary users may think it is a normal login signature and sign it without thinking.

Malicious Advertisers

Analysis of malicious ad messages identified the following advertisers as responsible for serving these ads:

##●● ТОВАРИСТВО З ОБМЕЖЕНОЮ ВІДПОВІДАЛЬНІСТЮ «РОМУС-ПОЛІГРАФ (from Ukraine)

● TRACY ANN MCLEISH (from Canada)

Bypass review

Malicious ads use a variety of techniques to bypass Google's ad review Process, including:

Parameter differentiation

Fraudulent websites use gclid Google Ads parameters for tracking clicks, displaying different pages based on the user's source. This allows them to display normal web pages during the review phase, effectively bypassing Google's ad review process.

Debugging Prevention

Some malicious ads use anti-debugging measures to redirect users to normal websites when developer tools are enabled, and when accessed directly Redirect to malicious website. This tactic helps bypass some of the scrutiny from the Google ad machine.

These bypass techniques allow malicious ads to deceive Google's ad review process, ultimately causing significant losses to users.

Improvement Suggestions for Google Ads

● Integrate a Web3-centered malicious website detection engine

● Continuously monitor the landing page throughout the entire advertising life cycle, and use parameters in a timely manner Identifying dynamic switching or spoofing

Stolen estimates

On-chain data analysis of addresses associated with malvertising sites in the ScamSniffer database shows that approx. Approximately $4.16 million was stolen from 3,000 victims, with the majority of the thefts occurring in the last month.

Details:

https://dune.com/scamsniffer/google-search-ads-phishing-stats

Fund flow

By analyzing several larger fund collection addresses, we found that some funds were deposited in SimpleSwap, Tornado.Cash, KuCoin, Binance, etc.

0xe018b11f700857096b3b89ea34a0ef5133963370

0xdfe7c89ffb35803a61dbbf4932978812b8ba843d

0x4e1daa2805b3b4f4d155027d754 9dc731134669a

0xe567e10d266bb0110b88b2e01ab06b60f7a143f3

0xae39cd591de9f3d73d2c5be67e72001711451341

ROI Estimation

# Advertising analytics platforms indicate that the average cost per click for these keywords is approximately $1-2. Based on a projected conversion rate of 40% and 7,500 users clicking on the ad, the advertising cost would be approximately $15,000. Based on cost-per-click, the expected ROI is approximately 276%.

Conclusion

The analysis shows that the advertising cost of most phishing ads is relatively low. Through technical means and disguise, these malicious ads successfully deceived Google's ad review process, causing them to be seen by users and cause significant harm.

To minimize the risk of falling victim to this type of scam, users should remain vigilant when using search engines and actively block content in advertising areas. Additionally, Google Ads’ enhanced review process for Web3 malvertising is critical to better protect users.

Finally, thanks to 23pds@SlowMist, @Tay, bax1337@ConvexLabs, SunSec@DeFiHackLabs, ZachXBT, and Teddy@Biteye for reviewing the data and content!

The above is the detailed content of The easiest scam to fall for: Detailed explanation of Google and Baidu's cryptocurrency fake advertising principles. For more information, please follow other related articles on the PHP Chinese website!