Phishing sites can post sponsored ads on Google and X, according to security platform Scam Sniffer, circumventing their policies.
In 2023, over 324,000 cryptocurrency users became victims of phishing schemes, and wallet drainers stole almost $295 million worth of digital assets.
Blockchain security platform Scam Sniffer examined the patterns surrounding drainers used in cryptocurrency phishing scams in its “2023 Wallet Drainers Report.” The platform indicated that throughout 2023, phishing attempts would continue to rise.
Furthermore, according to Scam Sniffer, “phishing gangs” just move their operations elsewhere when drainers shut down because there always seem to be platforms offering services to con artists.
The notorious Monkey Drainer, which was behind some well-known phishing scams, shut down on March 2, but not before advising its criminal clientele to use a different scam provider. Before going out of business, Scam Sniffer calculated that Monkey Drainer had stolen about $16 million worth of digital assets.
In a similar vein, Inferno Drainer shut down in 2023 following the theft of digital assets valued at approximately $81 million. Scam Sniffer claims that Angel Drainer appears to have taken over following the closure of Inferno Drainer.
Concurrently, Scam Sniffer examined the traffic sources for phishing websites. One technique used by cybercriminals is breaking into the official Discord and X (formerly Twitter) accounts of projects, after which they disseminate phishing links via posts.
Phishing websites use fictitious cryptocurrency asset or nonfungible token (NFT) airdrops to generate organic traffic. Additionally, they hijack broken Discord links and post junk on X along with mentions and comments.
Furthermore, Scam Sniffer reported that phishing websites have been allowed to post sponsored Twitter and Google Search advertisements, indicating that scammers have succeeded to evade X and Google’s advertising policies.