Scammers seek to bring their victims to WhatsApp to avoid moderation by other platforms and convince them to join a fake profit system
A set of researchers were able to identify various fraudulent platforms within the App Store and Google Play Store applications that carried out social engineering attacks that encouraged users who downloaded them to invest their money in cryptocurrency schemes.
The security company Sophos said that for the past two years it has been investigating content within the Android and iOS app stores to find virtual services that combine financial app technologies and counterfeit web pages to steal money from their victims. in addition to having access to your personal data.
However, this method of online scams to force investment in cryptocurrency systems is not the only one that could endanger the economic security of users, but there is another way to reach this type of harmful interaction: the deceptions called CryptoRom or crypto romances.
This type of link between users consists of the impersonation of a person’s identity by cybercriminals, who create profiles on dating applications such as Tinder, with which they seek to establish close and trustworthy contacts with unsuspecting users to lead them to put your money at risk.
Cybercriminals engage in conversations emphasizing wealth and the potential for quick profits, as well as posting fake photos of fancy or luxurious spaces to appear entrepreneurial and successful. From the first moment, the scammer will seek to take the conversations outside the dating application, since in some of them, such as Bumble and Tinder, there is moderation and alerts activated for possible scams.
Already in a less controlled environment like WhatsApp, scammers will encourage the victim to invest in cryptocurrency schemes with large profits in a short time, which can convince these users, especially if they have financial needs.
After the investment has been accepted and the necessary bank details are entered, people will be forced to “make a commission payment” to withdraw their profit. These charges could reach up to 20% of the money invested, which would generate long-term losses since the scammers would not actually be giving more money, but would be withdrawing the funds from the victims without their realizing it.
In a case shared with Sophos, a victim was charged $625,000 to regain access to millions of dollars she invested in a fake crypto trade, on the recommendation of someone she met on an online dating platform.
“The CryptoRom scam is a romance-focused financial fraud that relies heavily on social engineering at almost every stage,” says Jagadeesh Chandraiah, Principal Threat Researcher at Sophos.
“Scammers lure targets through fake profiles on legitimate dating sites and then try to persuade them to install and invest in a fake cryptocurrency trading app. The apps are usually installed as web clips and are designed to closely resemble legitimate, trusted apps,” he added.
The investigation also uncovered instances where CryptoRom operators directly reached out to their victims via WhatsApp and text messages, potentially using stolen information.