SophosLabs has uncovered cryptocurrency scams across Asia, Europe, and the US in which scammers find their victims on dating apps and make millions.
Crypto scams have found a new home on dating apps, where bad actors are targeting users across three continents. People looking for a date instead land in fraudulent investment schemes that have duped them out of millions of dollars. The method is fresh, but the end result is the same: a hapless amateur investor and a rich hoodwinker. There are many ways in which such scams are executed. Phishing attacks are commonplace, and they're usually launched to steal data and crypto holdings, using scare tactics and links that offer a gateway into accounts.
Social media has only exacerbated the problem, as creators with different levels of influence may get duped themselves, while their endorsements convince followers to take the bait as well. However, fake mobile apps have emerged as the real threat lately. They are available both from legitimate sources such as the App Store and Play Store and from fake destinations that mimic the look of these verified app repositories. Malicious parties often use URLs that look like the real deal and land users on web pages that appear to be an official app listing, complete with fake reviews and ratings.
According to research conducted by Sophos, users across Asia, the United States, and European countries such as the UK, France, and Hungary have lately been targeted via dating platforms in crypto frauds. For example, one suspicious Bitcoin account that was traced as part of the investigation showed money transfers worth over $1.39 million. But the overall scale of the fraud might actually be much larger, with a lot more scammers and accounts involved. The more worrying aspect is that in some cases the fake apps were distributed by exploiting official channels meant for enterprises, such as Apple's own Developer Enterprise program. Apple has used the latter scenario to make a case against sideloading, as the program allows enterprises to distribute confidential apps without the usual app review process.
Yet Another Avenue For Crypto Frauds
The modus operandi for the aforementioned crypto scam spans multiple steps but always begins in dating apps such as Bumble, Tinder and Grindr. First, scammers reach out to potential victims via these dating apps. Then the conversation is moved to other messaging platforms, where the sham investment scheme is explained in detail. Once convinced, users are asked to download a fake investment app and to make a deposit towards trading schemes. In most cases, scammers also used a legitimate secondary app such as Binance to transfer the cryptocurrency. Finally, after the small initial deposit, the scammer awards the user an instant profit to convince them the scheme is legitimate. But when the larger deposit is made, the scammer takes off.
To get the fake app onto the phone, the bad actor shares a URL that looks and feels like an App Store listing, convincing the victim that it is a legitimate App Store page and that the app has passed the stringent vetting process for safety and security. According to the investigation, most of these lovelorn targets were iPhone users, with the general assumption being that they might be wealthier than those using an Android phone. In some instances, an individual lost as much as GBP 63,000 to one of these dating-crypto frauds. Scams like these, paired with the ransomware problem linked to cryptocurrency, have worried regulators as they explore solutions to curb such financial hustles.