Researchers at Sophos Labs have uncovered a deceptive scam that preys on iPhone users seeking love through dating apps.
Dubbed the CryptoRom scam, the scheme involves scammers reaching out to victims via their dating app accounts. By engaging in direct messaging, the scammers build trust with the victims.
Once a rapport is established, the scammers prompt the victims to download fake trading applications that appear legitimate, complete with authentic-looking domains and customer support. The conversation then shifts towards investments, with the scammers persuading the victims to invest a small amount. To sweeten the deal, the scammers allow the victims to withdraw their initial investment along with some profit.
In order to entice victims into making larger investments, the scammers may offer in-app loans or encourage the purchase of various financial products or investments in supposed “profitable” trading events. However, when victims attempt to retrieve their funds or grow suspicious, they find themselves locked out of their accounts.
According to Sophos researchers, most victims of the CryptoRom scam are iPhone users located in the United States or Europe. Popular dating apps like Bumble, Grindr, Tinder, and Facebook Dating are used as bait by the scammers.
Victims of the CryptoRom scam have collectively lost over $1.4 million. In many instances, the scammers have instructed victims to transfer money by purchasing cryptocurrency through the Binance app and then transferring it to a fake trading application.
This latest discovery by Sophos Labs follows a previous report from May, which highlighted scammers exploiting dating sites and apps to trick victims into installing fake cryptocurrency apps on both iPhone and Android devices.
Initially believed to target victims in Asia, the scope of the scam has since expanded globally. An investigation into the scam revealed that the perpetrators utilized Apple’s ad-hoc Super Signature distribution scheme to target iOS users. Additionally, malicious apps tied to these scams on iOS have been found to leverage configuration profiles that abuse Apple’s Enterprise Signature distribution scheme to target victims.
The widespread nature of the CryptoRom scam serves as a stark reminder of the importance of exercising caution when engaging with unknown individuals online, especially on dating platforms. Vigilance and skepticism can go a long way in protecting oneself from falling victim to such deceptive schemes.