CryptoRom scam in dating apps more menacing than Tinder swindlers

Crypto scams continue to be a big problem for those hoping to make a quick profit in cryptocurrency. Despite numerous warnings about crypto scams, many people continue to fall victim and have lost a huge amount of funds.

According to a report from Chainalysis, scammers were able to take home a record US$14 billion in cryptocurrency in 2021. In fact, losses from crypto saw a 79% increase in 2021, driven mostly by theft and scams.

Now, Sophos has released insights into an international cryptocurrency trading scam called CryptoRom that targets iPhone and Android users through popular dating apps, such as Bumble and Tinder.

The new research, “CryptoRom Swindlers Continue to Target Vulnerable iPhone/Android Users”, states that the scam's modus operandi includes charging victims a profit tax when they try to withdraw their investments from one of the fake trading schemes. The victims’ accounts were frozen, and they were charged up to hundreds of thousands of dollars in fake profit tax to regain access.

Well organized and sophisticated, the CryptoRom operation targets victims all around the world. The report was based on first-hand stories and content shared with Sophos by victims of the scam who got in touch after seeing Sophos’ previous reports on the matter.

For Jagadeesh Chandraiah, a senior threat researcher at Sophos, the CryptoRom scam is romance-centered financial fraud that relies heavily on social engineering at almost every stage. He said the scammers attract targets through fake profiles on legitimate dating sites and then try to persuade the target to install and invest in a fake cryptocurrency trading app. The apps are usually installed as web clips and are designed to closely resemble legitimate, trusted apps.

“According to victims of this scam who contacted us, the 20% ‘profit tax’ is only mentioned when they try to withdraw their funds or close the account. Victims who struggle to pay the tax are offered a loan. There are even fake websites that promise to help people recover their funds if they’ve been scammed. In short, whichever path the increasingly desperate victims go down to try to get their money back, the scammers are there waiting for them. People tell us they have lost a lifetime’s savings or their retirement funds to the scam,” commented Chandraiah.

The Sophos research also found a few cases where CryptoRom operators had approached targets directly via WhatsApp and SMS messages, probably using stolen information.

“It is deeply worrying that people continue to fall for these criminal schemes, particularly since the use of foreign transactions and unregulated cryptocurrency markets mean that victims have no legal protection for the funds they invest,” added Chandraiah.

Chandraiah also pointed out that this is an industry-wide issue that is not going away. He explained that there needs to be a collective response that includes traceability of cryptocurrency transactions, warning users about these scams, and quickly detecting and removing the fake profiles that enable this kind of fraud.

“Sophos has reported all of the CryptoRom-related websites and apps to Apple and Google, but the only long-term fix to prevent these scams is a collective response. Banks and financial organizations need to provide traceability for cryptocurrency transactions. Social media companies should alert users about these scams and should spot patterns and remove fake profiles committing this fraud. Finally, Apple and Google should alert users that newly installed ‘side-loaded’ apps are not from official sources,” concluded Chandraiah.