Crypto scammers that use dating apps to find their victims are now expanding their reach by operating at a fake gold trading marketplace, Twitter, and even through SMS. This is one of the findings by cybersecurity solutions company Sophos based on its monitoring.
Sophos has been analyzing the movements of two expansive, still operational, pig butchering or sha zhu pan rings (elaborate and lengthy financial fraud scams that can cost victims thousands of dollars) that scammers are operating from Asia.
“CryptoRom is really just the tip of the iceberg,” Sean Gallagher, principal threat researcher, Sophos, said in a media release. “Since the start of the pandemic, this type of cyberfraud has massively expanded. These scammers are not limiting themselves to just exploiting crypto but also gold and other forms of currency or trading value. They’re quite literally going after the whole hog.”
In a two-part report titled “Fool’s Gold: Dissecting a Fake Gold Market Pig Butchering Scam,” Sophos focused on the inner workings of the ring based out of Hong Kong, which demonstrates how these scammers are upping their technical sophistication to lure in and con targets.
Gallagher had first-hand experience as he was contacted directly by the scammers through Twitter and text messages.
A scammer who posed as a 40-year-old woman from Hong Kong tried to lure Gallagher outside of the marketplace into a text messaging app, with the intent of applying social engineering. The interaction which lasted for three months uncovered how the scammers are becoming bolder and more sophisticated.
“The scammers used an elaborate combination of highly effective SEO, polished scam pages to ‘register’ new clients on their fake website, and a pirated version of a legitimate trading app with additional malicious code to steal money from their victims,” Sophos said. “They are also actively updating their operation’s scam infrastructure to avoid being shut down.”
“The move from crypto to gold also shows how easily these groups can find a new niche to exploit,” Gallagher said. “That means the best defense is public awareness of these types of scams. People should be wary of any SMS, dating app, or social media direct message from a stranger who strikes up a conversation and then suggests moving it to WhatsApp or Telegram, especially if they make claims about wealth obtained from crypto or another trading.”