Sophos, a global leader in next-generation cybersecurity, has released new research into an international cryptocurrency trading scam called CryptoRom that targets iPhone and Android users through popular dating apps, such as Bumble and Tinder. The new research is based on first-hand stories and content shared with the cybersecurity company by victims of the scam.
In the new research, Sophos reports that when victims tried to withdraw their investments from one of the fake trading schemes, their accounts were frozen and they were charged up to hundreds of thousands of dollars in fake “profit tax” to regain access. According to Sophos, the CryptoRom operation is increasingly well-organised and sophisticated and targets victims all over the world.
In one case shared with Sophos, a victim was charged $625,000 to regain access to the $1 million they’d invested in a fake crypto-trading scheme recommended by someone they’d met on an online dating platform. The dating “friend” then claimed to have invested some of their own money to bring their joint stake up to $4 million. According to the scammers, their investment made a profit of $3.13 million, and they were liable for a 20% profit tax, or $625,000, if they wanted to access their account to withdraw funds. In fact, neither the co-investment nor the profits were real, and the online “friend” was part of the scam.
“The CryptoRom scam is romance-centered financial fraud that relies heavily on social engineering at almost every stage. The scammers attract targets through fake profiles on legitimate dating sites and then try to persuade the target to install and invest in a fake cryptocurrency trading app. The apps are usually installed as web clips and are designed to closely resemble legitimate, trusted apps,” said Jagadeesh Chandraiah, Senior Threat Researcher at Sophos.
According to Sophos, the fraudsters are misusing Apple’s TestFlight feature, which allows a limited group of people to install and trial a new iOS app that goes through a less stringent Apple review process. In 2021, Sophos researchers observed CryptoRom misusing other Apple features such as the Super Signature and Apple’s Enterprise Program for the same purpose.
Sophos researchers also found that all the CryptoRom-related websites used by the fraudsters had very similar backend structure and content and that only the brand names, icons and URLs were different. The company believes this may enable the scammers to quickly change the websites they use for the scams when one of them is detected and shut down.
It pays to always be cautious. With this in mind, Sophos recommends a few methods that users can apply to avoid being scammed online:
Users can also consider educating themselves by understanding the different types of ransomware through Sophos News Threat Research, the home of Sophos’ latest threat intelligence.