Uncovering the Google Ads Scam: How Cybercriminals Exploit Search Intent and What You Can Do to Stay Safe

As the web3 and DeFi ecosystems continue to grow, so does the potential for scams and cybercrime. Because even search engine results can now be deceptive, users need to remain vigilant when browsing online. This post explores the Google ads scam, a subtle social engineering scheme that exploits search intent to target unsuspecting web3 and DeFi users, putting their digital assets at risk.

TL;DR

  • Cybercriminals leverage search intent to create targeted Google ads that lead users to fake websites
  • Web3 cybersecurity company Scam Sniffer exposed the large-scale social engineering scam on Twitter
  • Over 3,000 victims have been affected, with an estimated total loss of over 4.16 million dollars
  • Scammers target popular companies, acquire similar URLs, and create near-identical websites
  • Google’s advertising policies and user experience design may contribute to the issue
  • Online safety tips: verify website legitimacy, exercise caution when downloading software, and interact only with familiar sites

The Google Ads Scam Exposed:

A web3 cybersecurity company, known as Scam Sniffer on Twitter, recently uncovered a large-scale social engineering scam that exploits Google ads. This subtle scheme entices unsuspecting users to visit fake websites, potentially leading them to download malware, interact with malicious smart contracts, or sign harmful transactions.

Screenshot of Scam Sniffer’s Twitter Thread detailing the Google Ads Scam

The Google Ads scam’s success hinges on user expectations (see step 4 below). As a result, thousands of victims have been affected, with an estimated total loss of over 4.16 million dollars.

How the Google Ads Scam Operates:

  1. Selection: Scammers select a popular company to target, preferably one with a high volume of software downloads.
  2. URL Acquisition: Scammers obtain a URL resembling the targeted brand, either by adopting a different top-level domain (e.g., .com, .io, .xyz) or through typo-squatting (e.g., meta-mask[.]xyz, metemask.com).
  3. Site Duplication: They create a near-identical replica of the legitimate site, deceiving users into taking actions that compromise their security, such as downloading malware or having their accounts drained.
  4. Ad Publishing: The scammers create ads that target certain keywords, typically branded ones, so that the ads appear ahead of the legitimate brand. They take advantage of the visual similarities between organic Google search results and sponsored search results to deceive users into clicking the ad instead of the legitimate brand website.
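Step 2 can be checked from the defender's side by comparing a link's hostname against an allowlist of official domains before trusting it. The following Python sketch is an added example, not code from Scam Sniffer or the original post; the function names and the allowlist entry `metamask.io` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: illustrative allowlist; replace with the official domains you actually use.
OFFICIAL = {"metamask.io"}

def hostname(url_or_host):
    """Extract a lowercase hostname, accepting defanged input such as meta-mask[.]xyz."""
    s = url_or_host.strip().replace("[.]", ".")
    if "//" not in s:
        s = "//" + s
    return (urlsplit(s).hostname or "").rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url_or_host, official=OFFICIAL):
    """Return 'official', 'tld-swap', 'typosquat' or 'unrelated'."""
    host = hostname(url_or_host)
    if any(host == o or host.endswith("." + o) for o in official):
        return "official"
    # Naive split: label just left of the final dot (ignores suffixes like co.uk).
    name = host.rpartition(".")[0].split(".")[-1]
    squashed = name.replace("-", "")
    for o in official:
        brand = o.rpartition(".")[0].split(".")[-1]
        if name == brand:
            return "tld-swap"      # same name, different top-level domain
        if edit_distance(squashed, brand) <= 1:
            return "typosquat"     # added hyphen or a one-character change
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample input; the two lookalikes are the ones quoted in step 2.
    for sample in ["https://metamask.io/download", "meta-mask[.]xyz",
                   "metemask.com", "metamask.com", "https://example.org/"]:
        print(f"{sample:32} {classify(sample)}")
```

An "unrelated" verdict only means the name does not resemble an allowlisted brand; it says nothing about whether the site is safe.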

Google’s Role:

Scam Sniffer was able to identify two different verified Google advertiser accounts that were confirmed to be running some of the ads in this campaign. However, the accounts may have been phished from legitimate users.

Google has rules that explicitly prohibit users from abusing the ads network to spread malware and viruses, rules against impersonating brands, and a review process in place to ensure that ads don’t break those rules. However, it’s safe to assume that their review system is heavily automated, making it easy for tenacious scammers to optimize a strategy that allows them to exploit it for massive gain before the network catches on.

It is worth noting that Google updated their advertising policy in early March 2023, expanding their pre-existing malware policy into 3 distinct parts which address malware, hacked sites, and unwanted software respectively. The changes are to go into effect on May 9, 2023.

Understanding Search Intent

Search intent, or keyword intent, helps to determine a user’s goals when they input search terms into Google. Advertisers who understand this intent can create targeted ads that cater to users’ interests. For example, a search for the best Miami Vice in Iceland might indicate an interest in lists and ratings, which platforms like Yelp can take advantage of.

Small businesses can focus on specific terms associated with high conversion rates to help them stand out from the competition, but scammers can leverage this strategy just as easily.

Conclusion:

It is essential to exercise caution when browsing online. Users should always verify website legitimacy and be careful when downloading software or interacting with unfamiliar sites. Furthermore, tech companies, including Google, should continually do everything they can to address these scams and work towards enhancing user safety.

Have you or someone you know encountered an online scam? Share your experiences and tips for staying safe online in the comments below. By raising awareness, we can help protect others from falling victim to cybercriminals.