It seems an unscrupulous group has been cloning the websites of ICOs in their entirety, changing only the ICO ETH wallet address and then using Google Ads to drive traffic to them.

Screen-Shot-2017-09-07-at-10.49.54

This is the legitimate contribution page on atlant.io...
Screen-Shot-2017-09-07-at-14.37.34-1

And the scam one on atlant.solutions...
Screen-Shot-2017-09-07-at-14.42.52-1

It's unclear how successful they were as they could have been sending Ether to their wallets in an attempt to make it look more legit, however I have seen serveral people in both their Slack channels that lost some coins...
Screen-Shot-2017-09-07-at-15.33.45-1

These are the two wallets they used...
Aventus: 0x3fCB2D173389b7CD8079Ef8B439dBd92e7E0AE28

Atlant: 0x5c06bf92669ea4A11B808E65abE65b7c7302e0b9

It seems the golden rule to taking part in an ICO is to cross-check the address on mulitple sources, such as the offical Twitter account, their website, Slack, etc. It's worth thinking that any of these could have been hacked, which is why it's worth checking Slack before you send any coins. Aventus read the wallet address out in a YouTube video which is also worth looking out for.