Beware of who you fall in love with online.
Criminals are milking victims of their life savings through a kind of cyber fraud called CryptoRom, in which scammers dupe their victims into installing dubious apps on their smartphones that leave them open to theft.
The problem was detailed in new research this week from cybersecurity company Sophos that detailed how CryptoRom scammers have become increasingly sophisticated.
A CryptoRom scam typically begins with a social-engineering attack, in which a fraudster befriends a victim through dating apps like Tinder, Bumble, or Facebook Dating. The scammer then moves their conversations over to encrypted chat apps like WhatsApp.
As the online-only relationship develops, the scammer eventually convinces the victim to obtain cryptocurrencies from popular crypto exchanges like Binance, and then prods them to download fake crypto trading apps that look similar to legitimate ones.
A scammer may also offer to lend money to their victim to build more trust.
Problems arise, however, when the victim wants to stop trading and withdraw their money. At this point, the scammers are able to lock the victim out of their accounts. In some cases, victims may be forced to pay a “tax” to withdraw their money, which they learn by chatting with an in-app customer service representative who is part of the scheme.
Sophos previously said that one victim transferred the equivalent of $1.4 million worth of Bitcoin into a fake trading app.
To bypass Apple’s security measures preventing bad actors from making malicious apps available through the Apple App Store, criminals have been able to use workarounds, the report said. The latest involves fraudsters creating “test versions” of their shady apps through Apple’s TestFlight feature that is also used by legitimate developers.
Companies can use TestFlight so that select users can test software. But the scammers exploit the TestFlight feature, which provides a way for users to download bogus apps outside of the App Store.
Sophos researchers said some victims downloaded fraudulent versions of the legitimate BTCBOX Japanese crypto exchange app that were made available through the TestFlight feature.
The fraudsters also target Android users with malicious CryptoRom apps using what look like legitimate apps, but are instead distributed through corrupt websites.
The researchers said that while some victims have realized they were being defrauded before losing their money, some “have lost their entire savings and even taken out loans with the hope that they will get their money back.”
To avoid being scammed, users remember to only download apps from legitimate app stores, and to be wary of people they meet online.
“CryptoRom scams continue to flourish through the combination of social engineering, cryptocurrency, and fake applications,” the report said. “These scams are well-organized, and skilled in identifying and exploiting vulnerable users based on their situation, interests, and level of technical ability.”
