victims are left with nothing after falling prey to a three-step romance scam
For many scams, a common tactic is to offer “insider” access to financial riches that the general public is unable to get. Many enthusiastic investors were lured into the Ponzi scam perpetrated by Wall Street financier Bernie Madoff using this method. Scammers are now using it to lure victims into downloading and using “exclusive” smartphone applications designed only for insiders, which they claim would bring them great profits.
Known as “CryptoRom,” the phishing scheme is not new. On Thursday, March 16, a Sophos researcher dubbed it the “trifecta of malice,” which includes romance frauds, cryptocurrency scams, and malware Android and iPhone applications.
Tens of thousands of dollars have been stolen from unsuspecting victims as a result of these scams. The perpetrators made $1.3 million in ill-gotten earnings from only one Bitcoin address; you can probably double that number by many to get an indication of the overall haul.
Originally aimed at China, Japan, Southeast Asia, and the Indian subcontinent, the concept has already spread to western Europe and the United States.
Several victims came forward to share their stories with Sophos, including one who stated they had been defrauded and another who said their acquaintance had been taken advantage of by an app named “UBS global” and Binance.
The victim claimed, “They are giving trading in crypto.” He sought to withdraw the money, but when he went to do so, they asked him $6,000 in paid membership.
Don’t put your faith in this romantic relationship.
Online dating portals including “Bumble, Tinder, Facebook dating, and Grindr,” according to an earlier Sophos research, are where most victims are first approached. They have the greatest dating apps we’ve reviewed so far.
According to Chandraiah, some victims have recently received random WhatsApp messages from fraudsters who had profiled them on social media and noticed that they had money to spend.
This information was likely collected from the victims’ own social media accounts or hacked websites, according to Chandraiah’s report. People who are already interested in investing in cryptocurrencies and other forms of digital money are likely to be the primary audience for these scams.
Scammers utilise phoney profiles on dating apps to gain the confidence of their victims over the course of days or even weeks. The fraudster then informs the victims that they may earn a lot of money by installing a unique cryptocurrency software that the scammer has a secret code for.
To prevent these frauds, here is our first piece of advice: Those who claim to be your soul mate, but are unable to see you face-to-face or even have a FaceTime date, should be avoided at all costs
First of all, if a stranger claims you they have a secret to making money with cryptocurrencies, flee immediately.
Why and how it’s even feasible to make fake iOS applications
Sideloading these programmes is the only way to get them, since they aren’t available in the App Store or Google Play. That’s simple to do on Android, but what about Apple products? The App Store isn’t the only place to get iPhone applications, is it?
It’s not quite that simple. Apple allows app developers and huge corporations to deploy their software discreetly via a few different methods.
The iPhones and iPads of employees in large organisations may be configured to allow the installation of company-specific applications. It’s possible to obtain two companion applications that enable for iOS app sideloading during the initial creation process, and then for “test flights” shortly before the app is submitted to the App Store for approval.
For example, criminals, notably those behind the CryptoRom scam, have been known to exploit the corporate deployment and developer testing capabilities. And now, according to Sophos, they’re infecting up to 10,000 people at a time using Apple’s TestFlight beta-testing function.
First, the victims must download and install the official TestFlight software from the Apple App Store. An iPhone user may then download and install a “special” version of a popular cryptocurrency or banking app from a website that looks to be the same as the regular one.
It’s clear these applications are fakes, but they seem like those provided by CoinBase, Robinhood or other cryptocurrency exchanges to the victim.
Tip No. 3: Don’t sideload an Android or iOS programme for someone who isn’t your company. With Android, it’s possibly a fraud; with iOS, it’s certainly a scam.
The swindle of cryptocurrencies
In order to use the “special” smartphone app to send the fraudsters’ money, the victim must first purchase Bitcoin or another cryptocurrency via a legal exchange.
Chandraiah predicted that the victims will gain money right away. All of their original investments may be cashed out at any time.
However, fraudsters feed on the prospect of even greater money in order to encourage their victims to invest more money. In order to make it simpler for the victim, they’ll even lend them money. The victims will never receive the money from the second batch of investments.
Don’t get us wrong – the false app shows that the investments are growing. However, there’s a snag in all of this.
Victims who attempt to withdraw money from their “huge profit,” Chandraiah writes, “are informed that they must pay a ‘tax’ of 20% of their gains before cash can be taken — and threaten that all of their assets are going to be seized by tax officials if they do not pay.”
If the victims pay the “tax,” the “authorities” then “freeze” the money and it remains stuck.
One final time, preying on the helpless
Chandraiah noted that this fraud has gotten so popular that a second scam sector has cropped up “offering” to assist victims retrieve their monies.
CryptoRom victims’ “desperation” is being used by a variety of phoney cryptocurrency recovery businesses that expressly target them.
Many victims come to the realisation that they have no choice but to call the authorities at this point. There are times when nothing can be done. Legal remedy may be limited even when the chain of transactions is publicly available, such as with Bitcoin, because of the lack of reversibility of cryptocurrency transactions.
To retrieve monies via law enforcement or other legal avenues, Chandraiah stated, “it is challenging at best” due to the nature of bitcoin and cross-border international transactions.
Don’t invest in cryptocurrencies with a stranger.
Many victims have been duped into believing that they are trading on Binance, Bitfinex, or Coinbase.
But it’s a leap of faith to assume that well-known cryptocurrency platforms have hidden places where only a select few may exchange their assets and earn more money than everyone else. Maybe it’s not that insane after all.