CryptoRom Bitcoin Scammers Continue to Target Vulnerable iPhone and Android Users

Cybersecurity researchers at Sophos have revealed a new fraud campaign that combines catfishing on social media, fake apps, and cryptocurrencies.

The premise is simple: a scammer creates a fake (primarily female) identity on popular social media and dating sites, finds innocent victims, and takes them for everything they have.

After exchanging extensive messages and gaining their trust, the attackers convince the victims to "invest" in cryptocurrency together, using imitations of popular trading applications. In one such case, the attackers created RobinHand, a fraudulent version of the popular RobinHood trading platform.

Romance-based financial scams are as old as time itself, but many have recently been updated with the proliferation of cryptocurrencies.

Distributing iOS apps

Sophos points out that criminals were able to distribute these apps even on iOS by abusing Apple's "Super Signature" app distribution scheme, such as TestFlight (a feature used to test "beta" versions of apps before they launch and get to the actual repository).

The "co-investment" part is also a gimmick. Because the scammers control the app's backend, they can make the victim's account appear to contain any amount of money, which builds trust. However, the victim can never withdraw the money; it is lost forever.

The rabbit hole goes even deeper. Once the victim tries to withdraw the funds and sees that they cannot, the scammers will suggest that they contact "user support", where they will be told to pay a "fee" of 20% to withdraw the funds, taking them down to their last pennies. Those who refuse will get a little "boost": their love interest will offer to "lend" them part of the tax funds.

The entire operation, called CryptoRom, was initially aimed at the Chinese-speaking community, but has recently expanded globally, Sophos says.

"These scams are well organized and are specialists in identifying and exploiting vulnerable users based on their circumstances, interests and technical skill level. Those involved in the scam have lost tens of thousands of US dollars," the report concludes.