Study: Crypto-trading scam demands thousands of dollars to unlock victims’ accounts

An international cryptocurrency trading scam called CryptoRom, which targets iPhone and Android users through popular dating apps, is demanding hundreds of thousands of dollars in fake “profit tax” from victims to regain access to their accounts.

This is according to a new study from next-generation cybersecurity firm Sophos, based on first-hand stories and content shared with Sophos by victims of the scam who got in touch after seeing Sophos’ previous reports on CryptoRom.

According to the research, when victims attempted to withdraw their investments from one of the fake trading schemes, their accounts were frozen and they were charged exorbitant fees to regain access.

Sophos said that the CryptoRom operation is increasingly well-organised and sophisticated and targets victims all over the world. 

Escalating Costs 

In one case shared with Sophos, a victim was charged US$625,000 to regain access to the US$1 mil they’d invested in a fake crypto-trading scheme recommended by someone they’d met on an online dating platform.  

The dating “friend” then claimed to have invested some of their own money to bring their joint stake up to US$4 million.  

According to the scammers, their investment made a profit of US$3.13 mil, and they were liable for a 20% profit tax, or US$625,000, if they wanted to access their account to withdraw funds.  

It is important to note that neither the co-investment nor the profits were real; the online “friend” was part of the entire scam. 

“The CryptoRom scam is romance-centred financial fraud that relies heavily on social engineering at almost every stage,” said Sophos senior threat researcher Jagadeesh Chandraiah. 

“The scammers attract targets through fake profiles on legitimate dating sites and then try to persuade the target to install and invest in a fake cryptocurrency trading app.

“The apps are usually installed as web clips and are designed to closely resemble legitimate, trusted apps.”

Chandraiah said that according to victims of this scam who had contacted Sophos following their earlier articles on the topic, the 20% “profit tax” was only mentioned when the victims tried to withdraw their funds or close the account. 

“Victims who struggle to pay the tax are offered a loan. There are even fake websites that promise to help people recover their funds if they’ve been scammed,” he explained. 

“In short, whichever path the increasingly desperate victims go down to try to get their money back, the scammers are there waiting for them. People tell us they have lost a lifetime’s savings or their retirement funds to the scam.” 

The Sophos research also found a few cases where the CryptoRom operators had approached targets directly via WhatsApp and SMS messages, probably using stolen information. 

New technical features 

Sophos’ research also details new technical aspects of the CryptoRom operation.  

For instance, according to Sophos, the fraudsters are misusing Apple’s TestFlight feature, which allows a limited group of people to install and trial a new iOS app that goes through a less stringent Apple review process.

In 2021, Sophos researchers observed CryptoRom misusing the iOS Super Signature and Apple’s Enterprise Program for the same purpose. 

Sophos researchers also found that all the CryptoRom-related websites used by the fraudsters had very similar backend structure and content and that only the brand names, icons and URLs were different.  

Sophos believes this may enable the scammers to quickly change the websites they use for the scams when one of them is detected and shut down.

Staying safe – an industry issue 

According to Chandraiah, it is rather worrying that people continue to fall for these criminal schemes, particularly since the use of foreign transactions and unregulated cryptocurrency markets means that victims have no legal protection for the funds that they invest.

“This is an industry-wide issue that is not going away. We need a collective response that includes traceability of cryptocurrency transactions, warning users about these scams and quickly detecting and removing the fake profiles that enable this kind of fraud,” he remarked. – March 18, 2022 
