Researchers at Sophos Labs have unearthed a fake iOS cryptocurrency apps that has targeted US, European victims for at least $1.4 million. 

The CryptoRom scam involves victims being contacted through dating sites or apps like Bumble, Tinder, Facebook dating and Grinder. Conversations are then moved to messaging apps. 

After the victim becomes familiar, they are asked by the scammer to install a fake trading application with legitimate domains and customer support. 

”They move the conversation to investment and ask them to invest a small amount, and even let them withdraw that money with profit as bait. After this, they will be told to buy various financial products or asked to invest in special “profitable” trading events,” the researchers explained.

To make it seem more legitimate, the scammer even lends some money into the fake app. When the victim wants their money back or gets suspicious, they are locked out of the account.

Victims have been defrauded of at least $1.4 million by CryptoRom. In one particular case, one victim shared the bitcoin address to which they transferred their money and at the time of writing, $1.39 million had been sent. 

”This shows the scale of this scam and how much money fraudsters are making from vulnerable users. This is just one bitcoin address, the tip of the iceberg. There could be several, with millions being lost. So, this scam is more serious as it hurts real people.”

The researchers added ”In most cases we have come across, crooks have asked victims to transfer money by buying cryptocurrency through the Binance app and then to a fake trading application. This is probably done to avoid the tracing of funds to its destination and recuperation.”

Want to hear more about financial crimes? Make sure to register to FinCrime Global to hear subject matter experts discuss the landscape and more. 

Must see sessions include:

  • The Complex Web of Financial Crime | 27 October at 1:45pm BST
  • Connecting the Dollar Signs | 27 October at 3:15pm BST
  • Welcome to the eLaundry | 28 October at 10:15am BST