iPhone, Android users lose life savings to romance fraud, cryptocurrency operation

Attackers now 'double dip' to clear out victim bank accounts.
Written by Charlie Osborne, Contributing Writer

iPhone and Android users are falling prey to new and even more extortionate tactics by romance and cryptocurrency scam artists. 

Romance scams are nothing new, but their potential impact has expanded due to mobile technology and the connectivity of our smartphones to core financial services, banking, and investment opportunities. 

The US Federal Trade Commission (FTC) says that 2021 was a "goldmine" for scammers, and $770 million was lost due to social media scams alone during the year. Investment, cryptocurrency, and romance scams were the most common ways fraudsters cashed in. 

In 2021, Sophos revealed "CryptoRom," an international criminal ring conducting romance scams across Asia, the US, and Europe. At the time, Sophos said that CryptoRom primarily targeted Bumble and Tinder users, luring them into downloading fake cryptocurrency trading apps by abusing Apple's Enterprise Signature platform. 

The researchers have now provided an update on the scammers' activities. On Wednesday, Sophos said that victims have been contacting the company, providing their own stories and allowing the team to collect more threat information. 

"Most also reported that they had lost thousands of dollars in personal savings to the crooks behind the scams, though some saw our previous reports and recognized the scam before being drawn into it too deeply," Sophos said. "In some cases, victims have lost their entire savings and even taken out loans with the hope that they will get their money back."

It now appears that CryptoRom fraudsters are also soliciting victims through cold-call WhatsApp messages, offering them investment opportunities and trading tips -- and, of course, "huge" financial returns are promised. 

Victims are then redirected to fraudulent websites and third-party app repositories, where they are induced to download and install fake cryptocurrency and trading apps. However, this is when a change in tactics has been noticed. 

Normally, scam artists will lure their targets into either submitting their sensitive financial information into an app or purchasing cryptocurrency through other services, which end up in the wallets of attackers. 

In this case, however, CryptoRom scammers will at first allow victims to withdraw their initial deposits from the fake apps -- designed to mimic popular, legitimate services -- after a 'win' on the market.

This may seem counter-productive, but the scam artist then will urge their target to invest even more, as it appears that the investment 'opportunity' has already resulted in profit -- and there is more money to be made. 

Keep in mind that the scam artist is masquerading as a friend or a romantic interest. Having laid the groundwork of a personal bond and a seemingly real investment opportunity, the crooks will try to squeeze more cash out of their victim.

"To sweeten the pot, they even offer to 'lend' the target a huge sum to increase the investment; since they control the back-end of the app, they can inject fake deposits on accounts and create imaginary profits at will," the researchers noted. 

When 'profit' appears and the user tries to make a withdrawal, the attackers strike. The profits have been artificially created, to any sum the attackers wish -- and now that the victim has paid in further, the scam artist demands a "tax" of 20% on the imaginary figure via the app's "customer service" team.

Some victims reported threats that tax authorities would take everything if they did not pay up. Naturally, they aren't allowed to pay using the funds held in the app. 

An individual reached out to Sophos and said that all of their retirement money, and loans, had been deposited and was 'frozen' in the app, with over one million dollars held. The fraudsters demanded a 'tax' payment of $625,000. 

This kind of double-dipping appears to be a successful tactic in romance and investment scams, and one that we need to be more aware of. To make matters worse, fund recovery services targeting CryptoRom victims have also appeared on social media.

It's likely these fake services want to capitalize on those already taken in once by online criminals. 

"Because of the nature of cryptocurrency and the fact that cross-border foreign transactions are involved, it is difficult at best to recover funds through law enforcement or other legal channels," Sophos says. "The vast majority of these services are fake, and it is highly unlikely that any service would be able to get victims' money back."
