Victims of an international cryptocurrency trading scam called CryptoRom were charged hundreds of thousands of dollars when they attempt to withdraw their investments, according to the follow-up research of cybersecurity firm Sophos. Scammers also freeze their accounts to prevent them from securing their investments.

The new report “CryptoRom Swindlers Continue to Target Vulnerable iPhone/Android Users,” is based on first-hand stories and content shared with Sophos by victims of the scam who got in touch after seeing Sophos’ previous reports on CryptoRom.

CryptoRom scam targets its victims through popular dating apps, such as Bumble and Tinder (cryptocurrency romance or CryptoRom).

Sophos warns iPhone users of crypto romance scam
More attacks on financial systems, cryptocurrency industry in 2022

According to Sophos, one case had a victim charged $625,000 to regain access to the $1 million invested in a fake crypto-trading scheme recommended by someone he or she met on an online dating platform. The dating “friend” then claimed to have invested some of their own money to bring their joint stake up to $4 million. To sweeten the deal, the scammers claimed that the investment made a profit of $3.13 million, and is liable for a 20% profit tax, or $625,000, that needs to be paid to access the account and withdraw funds.

“In fact, neither the co-investment nor the profits were real, and the online ‘friend’ was part of the scam,” Sophos said.

“The CryptoRom scam is romance-centered financial fraud that relies heavily on social engineering at almost every stage,” said Jagadeesh Chandraiah, senior threat researcher at Sophos. “The scammers attract targets through fake profiles on legitimate dating sites and then try to persuade the target to install and invest in a fake cryptocurrency trading app. The apps are usually installed as web clips and are designed to closely resemble legitimate, trusted apps.

“Profit tax”

The research found that the 20% “profit tax” is only mentioned when victims try to withdraw their funds or close the account.

“Victims who struggle to pay the tax are offered a loan,” explained Chandraiah. “There are even fake websites that promise to help people recover their funds if they’ve been scammed. In short, whichever path the increasingly desperate victims go down to try to get their money back, the scammers are there waiting for them. People tell us they have lost a lifetime’s savings or their retirement funds to the scam.”

The scammers are expanding their reach through WhatsApp and SMS messages, which Sophos suspects the information were obtained illegally.

“Innovations”

Sophos’ research also details new technical aspects of the CryptoRom operation. For instance, according to Sophos, the fraudsters are misusing Apple’s TestFlight feature that allows for a limited group of people to install and trial a new iOS app and go through a less stringent Apple review process. In 2021, Sophos researchers observed CryptoRom misusing the iOS Super Signature and Apple’s Enterprise Program for the same purpose.

Sophos researchers also found that all the CryptoRom-related websites used by the fraudsters had very similar backend structure and content and that only the brand names, icons and URLs were different. Sophos believes this may enable the scammers to quickly change the websites they use for the scams when one of them is detected and shut down.

“It is deeply worrying that people continue to fall for these criminal schemes, particularly since the use of foreign transactions and unregulated cryptocurrency markets mean that victims have no legal protection for the funds they invest,” said Chandraiah. “This is an industry-wide issue that is not going away. We need a collective response that includes traceability of cryptocurrency transactions, warning users about these scams, and quickly detecting and removing the fake profiles that enable this kind of fraud.”