For several years now, the crypto market was heating up. Fred, who is in his 60s and lives in Connecticut, figured it was a good time to shift some of the positions he held in his Coinbase account. After encountering some difficulties with the website, Fred decided to call the company. He searched for Coinbase on Google and, at top of the page, he saw an ad that prominently displayed a customer service phone number. Upon calling it, a representative informed Fred that he had "one of the older accounts" but required updating.
That's when the trouble began.
In less than 20 minutes later, Fred — who asked his last name not be used to avoid attracting unwanted attention — had been robbed of more than US$ 100,000 of Bitcoin, Ethereum and cash.
It turned out the Indian-accented representative he had called did not work for Coinbase at all but for scammers. In their short conversation, the rep not only persuaded Fred to share his Coinbase password but also to open his online banking portal—Fred only cut off the scammer upon receiving a call from Wells Fargo asking him about unusual activity.
Fred feels sheepish about the episode, saying his lack of crypto knowledge made him a "lamb to a slaughter." He is angry at Coinbase for making it possible to drain his accounts so quickly, but he has special ire for Google for letting a scammer open shop at the top of its website.
"How can Google allow this? The site is set up for fraud. Anybody can do it. Their phone rings and, yippee, they know they have a sucker on the line," he complains.
It may come as cold comfort to Fred but it is not only crypto novices who have been fleeced as a result of Google ads. In a recent post on Medium, a pseudonymous author recounts how he sought the website for Superbridge, a so-called bridge service of the sort that some experienced crypto users employ to convert lesser-known cryptocurrencies. His Google search returned an ad that displayed a link to "Superbridge.app"—the service's legitimate website.
The user clicked the link and commenced a transaction, only to have $3000 worth of the USDC stablecoin disappear from his wallet. It turned out that the Superbridge.app linkn displayed in the Google ad, when clicked upon, redirected to a site called Seperbridge.app controlled by crooks. The only way to notice such a switcheroo is by confirming the address in the web browser—something most people do not do as a matter of course.