Users of social networks and messengers are falling victim to new and increasingly sophisticated social engineering schemes built around romance and cryptocurrency. According to representatives of the US Federal Trade Commission (FTC), 2021 was a “gold mine” for scammers, and $770 million was lost during the year to fraud on social networks alone. Investment, cryptocurrency and romance scams were the most common ways for scammers to profit.
In 2021, Sophos uncovered the international criminal group CryptoRom, which runs romance scams in Asia, the USA and Europe. CryptoRom members primarily target Bumble and Tinder users, tricking them into downloading fake cryptocurrency trading apps.
In some cases, victims lost all their savings and even took out loans in the hope of getting the money back. CryptoRom scammers found potential victims through the WhatsApp messenger. The attackers made “cold calls”, offering investment opportunities and trading advice and promising financial profit.
CryptoRom members even allowed victims to withdraw their initial deposits from fake apps after a “successful” transaction. This may seem counterproductive, but in this way the scammers easily persuaded the victims to invest even more money.
“For greater credibility, the criminals offered to ‘lend’ the victims a huge amount to increase investments. Since they control the server side of the application, attackers can enter fake deposits into accounts and demonstrate imaginary profits at will,” the researchers noted.
In some cases, the attackers threatened the victims with the tax authorities if the money was not paid. Moreover, users were not allowed to pay with funds stored in the application.