Just be romantically gullible and susceptible to online dating friends.

An international cryptocurrency trading scam called CryptoRom has been targeting users of popular dating and messaging apps on iOS and Android platforms.

Victims of the CryptoRom scam were encouraged by someone they had met on such platforms to invest in crypto trading through a counterfeit crypto trading app. The new ‘friends’ claimed to have invested some of their own money to bring their joint stake up to US$4m. Apparently, their investment had brought in a profit of US$3.13m.

Subsequently, victims who tried to withdraw their investments from one of the fake trading schemes found their accounts had been frozen, and they had to pay up to hundreds of thousands of dollars in fake ‘profit tax’ to regain access. In one case, a victim was charged US$625,000 to regain access to the $1m they had invested in the fake crypto trading scheme.

According to Jagadeesh Chandraiah, Senior Threat Researcher at Sophos, which has been researching CryptoRom activities, the fraudsters are misusing Apple’s TestFlight feature, which allows a limited group of people to install and trial a new iOS app that goes through a less stringent Apple review process. Other distribution routes, such as the iOS Super Signature and Apple’s Enterprise Program, have already been used for the same purpose.

“CryptoRom is a romance-centered financial fraud scam that relies heavily on social engineering at almost every stage. The (fake) apps are usually installed as web clips and are designed to closely resemble legitimate, trusted apps. Since the use of foreign transactions and unregulated cryptocurrency markets means that victims have no legal protection for the funds they invest, we need a collective response that includes traceability of cryptocurrency transactions; user education about these scams; and quick detection and removal of the fake profiles that enable this kind of fraud,” Chandraiah said.