CryptophishingscamscontinuetodrainwalletsasarecentincidentinvolvesafraudGoogleadfor“Soneium.”Theadleduserstoafakewebsiteandpotentiallytrickedthemintoconnectingtheirwallets.
Analystsexplainstrongersecuritymeasuresforprotectionagainstphishingscams.
SoneiumphishinglinkpostedonGoogle
ScamSnifferrevealedinapostonTuesdaythat“Soneium”onGooglehasbeenpostedasaphishingad.Theadwasasponsoredpostandwilltaketheuserstoafakewebsite.Itwouldtrickusersintoconnectingtheircryptowalletandsigningafraudulenttransaction.Aftertheysignedit,thescammerswouldgainaccesstotheirwalletsandstealtheirassets.
⚠️SearchedforSoneiumonGoogle,clickedaphishingad.
Afterconnectingyourwalletandsigningaphishingsignature,yourassetsdisappeared…😱💸pic.twitter.com/5Hpi9OTZ4S—ScamSniffer|Web3Anti-Scam(@realScamSniffer)October22,2024
Phishingattemptswherescammersattempttohackcryptowalletsthroughfakeadsorwebsitesarefairlycommon.Othermethodsthatscammersusecouldincludepyramidschemes,rugpulls,andsettingupfraudexchanges.However,phishingattemptsaremoreconcealed.Usersmightthinkthattheadorwebsitebelongstoatrustedoperator.
AseriesofresearchbyCheckPointunderlinedthatscammershavebeenusingfakeairdropcampaignsandcounterfeitwebsitestoappearasauthenticblockchainplatforms.Thereportfindsthatgroupslike“AngelDrainer”providetoolsforwalletdraining.Inthepast,similargroups,likeInfernoDrainer,werereportedlyshutdown.
ThereportshowsthatMicrosoftwasthemostimitatedbrandinphishingscamsinQ32024.Microsoftaccountedfor61%ofsuchattacksinthequarter.Apple(12%),Google(7%),andFacebook(3%)arenextonthelist.Sector-wise,techisthemosttargetedindustryforimitation,followedbysocialnetworksandbanking.
Cryptophishingattemptscontinuetodrainwallets
Notably,therehasbeenariseincyberattacksinQ32024.Onaverage,eachorganizationreportedlyfaced1,876cyberattacksperweek.Basedonresearch,thefigureisa75%increasesince2023.Theeducationandresearchsectorwashithardestwith3,828weeklyattacks.Regionally,Africahadthemostattackswitha90%year-on-yearincrease,averaging3,370perweek.
Meanwhile,ScamSniffer’slastreportfoundthat10,000victimslostaround$46milliontophishingscamsinSeptemberalone.TheanalystcitedMistTracker’sfindingandreportedthattopphishingscamsoccurredthroughlinksfromfakeXaccounts.
Googlephishingadswerereportedlythenextmajorsourceoftheseattacks.
CheckPointemphasizesthatusersverifyemailsources,avoidsuspiciouslinks,andusemethodslikemulti-factorauthentication(MFA)forprotectionfromphishingattempts.ScamSnifferunderlinesthatusersneedtooptimizephishingsignaturedisplaysforfurtherprotection.Healsocallsforintegratingphishingdomainsandaddressblocklistsforadditionalsecurity.
cryptopolitan.com