This article analyzes one of the easiest scams to fall for: how fake cryptocurrency advertising on search engines such as Google and Baidu works. In recent years, the cryptocurrency market has been turbulent and has attracted the attention of a large number of investors. However, some criminals use search engines such as Google and Baidu to place false advertisements and induce users to click on links that lead to fraud. This article delves into the principles behind these scams to help readers identify the traps and improve their network security awareness.
Original Text | ScamSniffer
Compilation | Wu Shuo Blockchain
In recent weeks, ScamSniffer conducted an investigation and found that many users fell victim to phishing scams through Google search ads. These users inadvertently clicked on malicious ads and were induced to visit fraudulent websites, resulting in serious financial losses.
The investigation found that a large number of malicious advertisements appeared at the top of the keyword search results used by the victims. Most users are unaware of how deceptive search ads can be and therefore often click on the first available option, which can lead them to fake and malicious websites.
Keyword analysis shows that some malicious ads and websites target projects such as Zapper, Lido, Stargate, DefiLlama, Orbiter Finance and Radiant. Malvertising related to each keyword is summarized below.
On opening a malicious ad for Zapper, you can see that it attempts to use a Permit signature to obtain authorization over my $SUDO. If you use the Scam Sniffer plugin, you will receive timely alerts about potential risks.
Currently, many wallets do not have clear risk warnings for this kind of signature, and ordinary users may think it is a normal login signature and sign it without thinking.
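The kind of check a wallet or browser extension could run before showing such a signing prompt, as an added example that is not ScamSniffer's code: it inspects an EIP-712 typed-data request and reports whether it is a token approval rather than a login. The helper name `analyzeTypedData` and the sample requests are assumptions; the field names follow EIP-2612 and Uniswap Permit2.

```javascript
// Added example: classify an EIP-712 signing request before the user signs it.
// Field names follow EIP-2612 ("Permit") and Uniswap Permit2 ("PermitSingle"/"PermitBatch").
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2's maximum amount; far above any real balance

function toBig(v) {
  try { return BigInt(v); } catch { return null; } // missing or malformed field
}

// analyzeTypedData is a hypothetical helper name; nowSec is the current Unix time.
function analyzeTypedData(request, nowSec) {
  const data = typeof request === "string" ? JSON.parse(request) : request;
  const msg = data.message || {};
  const grants = [];
  if (data.primaryType === "Permit" && "spender" in msg) {
    // EIP-2612: the token contract is the EIP-712 verifying contract.
    grants.push({ token: (data.domain || {}).verifyingContract,
                  amount: toBig(msg.value), deadline: toBig(msg.deadline) });
  } else if (data.primaryType === "PermitSingle" || data.primaryType === "PermitBatch") {
    // Permit2: `details` is one object (single) or an array (batch).
    for (const d of [].concat(msg.details || [])) {
      grants.push({ token: d.token, amount: toBig(d.amount), deadline: toBig(d.expiration) });
    }
  }
  const findings = grants.map((g) => ({
    ...g,
    spender: msg.spender,
    unlimited: g.amount !== null && g.amount >= MAX_UINT160,
    validForSec: g.deadline === null ? null : Number(g.deadline) - nowSec,
  }));
  return {
    isApproval: findings.length > 0,
    findings,
    warning: findings.length
      ? `Not a login: this signature lets ${msg.spender} spend your tokens.`
      : null,
  };
}

// Constructed sample requests (placeholder addresses, not taken from the article).
const SAMPLE_PERMIT = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", chainId: 1, verifyingContract: "0x1111111111111111111111111111111111111111" },
  message: { owner: "0x2222222222222222222222222222222222222222", spender: "0x3333333333333333333333333333333333333333",
             value: ((1n << 256n) - 1n).toString(), nonce: 0, deadline: "1893456000" },
};
const SAMPLE_LOGIN = { primaryType: "Login", domain: { name: "ExampleApp" }, message: { statement: "Sign in", nonce: "abc" } };

console.log(analyzeTypedData(SAMPLE_PERMIT, 1700000000).warning);
```

A signed Permit is not an on-chain transaction, so the approval stays invisible until the spender submits it; the prompt is the only point at which the user can be warned.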
Analysis of malicious ad messages identified the following advertisers as responsible for serving these ads:
● ТОВАРИСТВО З ОБМЕЖЕНОЮ ВІДПОВІДАЛЬНІСТЮ «РОМУС-ПОЛІГРАФ» (from Ukraine)
● TRACY ANN MCLEISH (from Canada)

Bypass review

Malicious ads use a variety of techniques to bypass Google's ad review process, including:

Parameter differentiation

Fraudulent websites use gclid, the parameter Google Ads uses to track clicks, to display different pages based on the user's source. This allows them to display normal web pages during the review phase, effectively bypassing Google's ad review process.

Debugging prevention

Some malicious ads use anti-debugging measures: they redirect users to a normal website when developer tools are open, and to the malicious website when accessed directly. This tactic helps bypass some of Google's automated ad review.

These bypass techniques allow malicious ads to deceive Google's ad review process, ultimately causing significant losses to users.

Improvement suggestions for Google Ads

● Integrate a Web3-centered malicious website detection engine
● Continuously monitor the landing page throughout the entire advertising life cycle, and promptly identify dynamic switching via parameters or spoofing

Stolen estimates

On-chain data analysis of addresses associated with malvertising sites in the ScamSniffer database shows that approximately $4.16 million was stolen from 3,000 victims, with the majority of the thefts occurring in the last month.

Details: https://dune.com/scamsniffer/google-search-ads-phishing-stats

Fund flow

By analyzing several larger fund collection addresses, we found that some funds were deposited in SimpleSwap, Tornado.Cash, KuCoin, Binance, etc.
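One way to implement the landing-page monitoring suggested above for the gclid parameter differentiation, as an added example that is not ScamSniffer's or Google's code: it builds the two URL variants to fetch and compares what each one was served. The function names, the `{ finalUrl, body }` observation shape and the `.example` sample pages are assumptions made for the illustration.

```javascript
// Added example: detect landing pages that serve different content to ad clicks.
// An "observation" is what a fetcher of your choice recorded: { finalUrl, body }.

// Build the two URLs to fetch: one as a direct visit, one as a click from the ad.
function variantUrls(landingUrl) {
  const bare = new URL(landingUrl);
  bare.searchParams.delete("gclid");
  const adClick = new URL(landingUrl);
  adClick.searchParams.set("gclid", "TEST-CLICK-ID"); // placeholder click id
  return { bare: bare.toString(), adClick: adClick.toString() };
}

// Reduce a page to features that stay stable between loads of an honest site.
function features(obs) {
  const scripts = new Set();
  for (const m of obs.body.matchAll(/<script[^>]+src=["']([^"']+)["']/gi)) {
    scripts.add(new URL(m[1], obs.finalUrl).hostname); // resolve relative src
  }
  return { host: new URL(obs.finalUrl).hostname, scripts: [...scripts].sort() };
}

// Flag a different final host, or script hosts served only to the ad-click variant.
function compareObservations(bare, adClick) {
  const a = features(bare);
  const b = features(adClick);
  const reasons = [];
  if (a.host !== b.host) reasons.push(`final host differs: ${a.host} vs ${b.host}`);
  const extra = b.scripts.filter((h) => !a.scripts.includes(h));
  if (extra.length) reasons.push(`scripts only served to ad clicks: ${extra.join(", ")}`);
  return { cloaked: reasons.length > 0, reasons };
}

// Constructed observations for an imaginary cloaking site (not real data).
const SAMPLE_BARE = {
  finalUrl: "https://landing.example/",
  body: '<html><script src="/app.js"></script><h1>Our blog</h1></html>',
};
const SAMPLE_AD = {
  finalUrl: "https://app-landing.example/?gclid=TEST-CLICK-ID",
  body: '<html><script src="https://cdn.other.example/w.js"></script></html>',
};

console.log(compareObservations(SAMPLE_BARE, SAMPLE_AD).reasons);
```

Because the page can be switched at any time after approval, the comparison only helps if it is repeated for as long as the ad is running; the developer-tools redirect described above needs a separate check, since it does not depend on the URL.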
Advertising analytics platforms indicate that the average cost per click for these keywords is approximately $1-2. Based on a projected conversion rate of 40% and 7,500 users clicking on the ad, the advertising cost would be approximately $15,000. Based on cost-per-click, the expected ROI is approximately 276%.
The analysis shows that the advertising cost of most phishing ads is relatively low. Through technical means and disguise, these malicious ads successfully deceived Google's ad review process, so that they were shown to users and caused significant harm.
To minimize the risk of falling victim to this type of scam, users should remain vigilant when using search engines and actively block content in advertising areas. Additionally, Google Ads’ enhanced review process for Web3 malvertising is critical to better protect users.
Finally, thanks to 23pds@SlowMist, @Tay, bax1337@ConvexLabs, SunSec@DeFiHackLabs, ZachXBT, and Teddy@Biteye for reviewing the data and content!