Time.news – Feelings and Ponzi scheme: the story told by the Netflix series “The Tinder Scammer” is not the only one in which dating apps are used as bait. There is a cyber-scam in progress. It’s called CryptoRom, which affects iPhone and Android users through apps like Bumble and Tinder.
The practice is different from that of the Netflix series: the scammer never shows up, does not entice with luxury but with cryptocurrencies. Yet it is based on some common elements: CryptoRom is a financial scam which relies on sentimental relationships born online. Victims are contacted with fake profiles and, thanks to the agreement created via chat, convinced to install fake apps to invest in digital currencies.
The stories of the scammed
Sophos, a company specializing in cybersecurity, had spotted the scam late last year. But in recent weeks he has noticed a leap in quality: the techniques used are increasingly sophisticated and the geographical area, previously limited to Asia, has expanded. Now, then, there are also the stories of the victims, who – after becoming suspicious – have searched for information online and have recognized themselves in the reports of Sophos.
There are those who ask for information: “I have lost more than 20,000 dollars. Can you help me check if the app is real or not? ”. And who already knows they’ve been duped: “I invested $ 100,000 in a fake trading app. They are plundering innocent people ”. Up to the most striking case: a victim would have lost $ 625,000.
Phase 1: contact
The approaches are different, but none foresee an encounter with the victim. And that’s the main difference from the Tinder scammer. Criminals use dating sites and apps, but also social networks and WhatsApp. The messages contain investment tips, with promises of great returns. Anyone can become a target, although those already interested in cryptocurrencies are often targeted. The links sent to the victims lead to fake apps, similar to other popular and legitimate ones.
Phase 2: trust
The factor that makes CryptoRom so effective is trust. Boarding on dating sites allows for an intimate relationship with the victim. But not only. “It seems – explains Sophos – that scammers allow targets to initially withdraw from fake accounts.” The victim is then given the (fictitious) demonstration that the system works. The result is a confidence that pushes to invest even more. It is the most classic Ponzi scheme, with which the sums squeezed out of the scammed are used to convince the new victims.
In some cases, the contact even offers to lend and deposit money into the account. Sin is non-existent: cybercriminals control fake apps and inject fake deposits and profits into the victim’s wallet.
Step 3: fake taxes
When the victims, convinced that they have made large profits, decide to withdraw their funds, the scammers intervene with a second financial guillotine. The account is frozen until some phantom taxes are paid on the profits, equal to 20%. The communication is accompanied by a threat: if you do not pay what “due”, the tax authorities will seize the entire amount deposited.
“I invested all my pension money and some loans, about a million dollars,” says one of the victims. A “friend” convinced her to bet everything on a joint investment which, in a short time, had made 3.1 million dollars. “I had no idea that to unlock my account they would ask me to pay $ 625,000, 20% tax on total profits.” Real money paid out to be able to download a non-existent gain.
Phase 4: the fake help
What if the victims don’t have the money to unlock the account? To squeeze every single dollar, the lever of trust returns. “A friend of mine can lend me $ 10,000, I can find another $ 300,000 to help you. You have to try to put the rest together ”, she reads in a chat between victim and scammer. With a fake support, you aim to draw more money.
Stage 5: Collateral Damage
After realizing they’ve taken the bait, CryptoRom victims look for a way to get their money back. In desperation, they often expose themselves to further risk. “Numerous cryptocurrency recovery services have arisen – explains Sophos – specifically targeting CryptoRom victims. The vast majority are false ”. Also because recovering the stolen figures is “highly unlikely”. It is also true for law enforcement, “due to the nature of the cryptocurrency and the fact that cross-border foreign transactions are involved.”