Soneium phishing ad scam drains assets; 3 ways to protect connected wallet

Crypto phishing scams continue to drain wallets as a recent incident involves a fraud Google ad for “Soneium.” The ad led users to a fake website and potentially tricked them into connecting their wallets. 

Analysts explain stronger security measures for protection against phishing scams.

Soneium phishing link posted on Google

Scam Sniffer revealed in a post on Tuesday that “Soneium” on Google has been posted as a phishing ad. The ad was a sponsored post and will take the users to a fake website. It would trick users into connecting their crypto wallet and signing a fraudulent transaction. After they signed it, the scammers would gain access to their wallets and steal their assets.

Phishing attempts where scammers attempt to hack crypto wallets through fake ads or websites are fairly common. Other methods that scammers use could include pyramid schemes, rug pulls, and setting up fraud exchanges. However, phishing attempts are more concealed. Users might think that the ad or website belongs to a trusted operator.

A series of research by Check Point underlined that scammers have been using fake airdrop campaigns and counterfeit websites to appear as authentic blockchain platforms. The report finds that groups like “Angel Drainer” provide tools for wallet draining. In the past, similar groups, like Inferno Drainer, were reportedly shut down.

The report shows that Microsoft was the most imitated brand in phishing scams in Q3 2024. Microsoft accounted for 61% of such attacks in the quarter. Apple (12%), Google (7%), and Facebook (3%) are next on the list. Sector-wise, tech is the most targeted industry for imitation, followed by social networks and banking.

Crypto phishing attempts continue to drain wallets

Notably, there has been a rise in cyberattacks in Q3 2024. On average, each organization reportedly faced 1,876 cyberattacks per week. Based on research, the figure is a 75% increase since 2023. The education and research sector was hit hardest with 3,828 weekly attacks. Regionally, Africa had the most attacks with a 90% year-on-year increase, averaging 3,370 per week.

Meanwhile, Scam Sniffer’s last report found that 10,000 victims lost around $46 million to phishing scams in September alone. The analyst cited MistTracker’s finding and reported that top phishing scams occurred through links from fake X accounts.

Google phishing ads were reportedly the next major source of these attacks.

Check Point emphasizes that users verify email sources, avoid suspicious links, and use methods like multi-factor authentication (MFA) for protection from phishing attempts. Scam Sniffer underlines that users need to optimize phishing signature displays for further protection. He also calls for integrating phishing domains and address blocklists for additional security.