Sophos has released new information about CryptoRom, an international cryptocurrency trading scam that targets iPhone and Android users via popular dating apps such as Bumble and Tinder. The new research, “CryptoRom Swindlers Continue to Target Vulnerable iPhone/Android Users,” is based on first-hand accounts and content shared with Sophos by victims of the scam who contacted Sophos after seeing previous CryptoRom reports.
According to the new research, when victims attempted to withdraw their investments from one of the bogus trading schemes, their accounts were frozen and they were charged up to hundreds of thousands of dollars in bogus “profit tax” to regain access. Sophos claims that the CryptoRom operation is becoming more well-organized and sophisticated and that it is targeting victims all over the world.
In one case shared with Sophos, a victim was charged $625,000 to reclaim the $1 million they’d invested in a bogus crypto-trading scheme recommended by someone they met on an online dating platform. The dating “friend” then claimed that they had invested some of their own money to bring their total stake to $4 million. According to the scammers, their investment made a profit of $3.13 million, and they were required to pay a 20% profit tax, or $625,000, if they wanted to withdraw funds from their account. In reality, neither the co-investment nor the profits were genuine, and the online “friend” was a con artist.
“The CryptoRom scam is romance-centered financial fraud that relies heavily on social engineering at almost every stage,” said Jagadeesh Chandraiah, senior threat researcher at Sophos. “The scammers attract targets through fake profiles on legitimate dating sites and then then try to persuade the target to install and invest in a fake cryptocurrency trading app. The apps are usually installed as web clips and are designed to closely resemble legitimate, trusted apps.
“According to victims of this scam who contacted us after our earlier articles, the 20% ‘profit tax’ is only mentioned when they try to withdraw their funds or close the account. Victims who struggle to pay the tax are offered a loan. There are even fake websites that promise to help people recover their funds if they’ve been scammed. In short, whichever path the increasingly desperate victims go down to try to get their money back, the scammers are there waiting for them. People tell us they have lost a lifetime’s savings or their retirement funds to the scam.”
The Sophos research also discovered a few instances where CryptoRom operators approached targets directly via WhatsApp and SMS messages, most likely using stolen information.
“It is deeply worrying that people continue to fall for these criminal schemes, particularly since the use of foreign transactions and unregulated cryptocurrency markets mean that victims have no legal protection for the funds they invest,” said Chandraiah. “This is an industry wide issue that is not going away. We need a collective response that includes traceability of cryptocurrency transactions, warning users about these scams and quickly detecting and removing the fake profiles that enable this kind of fraud.”
For more information, please read the article “CryptoRom Swindlers Continue to Target Vulnerable iPhone/Android Users.”