Unfortunately, we have needed to write and warn about romance scams and romance scammers many times in recent years.
In fact, in February 2021, we published an article titled Romance scams at all-time high: here’s what you need to know, following a report from the US Federal Trade Commission (FTC), America’s official consumer protection watchdog, warning that romance scammers are making more money than ever before.
Victims in the United States were cheated out of more than $300 million in 2020, up from $200 million in 2019.
Conventional romance scams are what we often refer to as “long game” confidence tricks, where someone you meet online, typically on a dating site, manages to convince you: [a] that they are a real person with the life story they claim; [b] that they are in love with you; and most importantly, [c] that you are in love with them.
After weeks, perhaps months of careful groundwork, the illusory lover turns the talk to money and gradually convinces you to part with more and more of it thanks to an ever-evolving array of coaxing, pressure and excuses that practiced cyberscammers can sometimes sustain for weeks, months or even years.
Put money before love
Well, there’s another angle that dating site scammers take these days where the crooks quite deliberately put money before love.
They still use dating sites to select, pursue and groom their victims, but instead of investing weeks or months that go from friendship, through love, romance and maybe even fraudulent betrothal, to the “fleecing” phase …
… they form a friendship and use the dating game as bait, but then quickly turn to money, this time under the guise of doing you a great favor by offering you a chance to participate in an “unbeatable” investment opportunity.
As you can imagine, the “investment” they propose typically involves cryptocoins, but to add a veneer of legitimacy, these CryptoRom villains, as we have dubbed them (crypto- from “cryptocurrency” and -Rom from “romance scam”), invite you to install an “official” app to join the scheme.
All the dubious excuses that traditional romance scammers need to get you to use money transfer services to send money or to buy gift cards and send the redemption codes are replaced by a sense of structure: there is a real app for this investment!
In fact, CryptoRom scammers will even offer you an app if you have an iPhone, where Apple’s “walled garden” approach of requiring all consumer app downloads to come from the Apple App Store almost certainly convinces many victims that the cryptocurrency app really must have some form of official approval.
The App Store, like Google’s Play Store equivalent for Android, is in no way immune to malware, fleeceware, and other badware apps.
But completely fake cryptocurrency trading apps based on completely fake trading platforms rarely get through. (In general, trading apps and platforms have to comply with a whole lot of rules in addition to Apple’s own.)
So these villains bypass the App Store completely, using a series of tricks explained in a new SophosLabs research report entitled CryptoRom fake iOS cryptocurrency apps hit US, European victims for at least $1.4 million.
“Pretend your phone is really our phone”
The technological basis for these scam apps is surprisingly simple: the villains persuade you, for example on the basis of a friendship carefully cultivated via a dating site, to give them the same kind of administrative power over your iPhone that is usually reserved for businesses that manage company-owned devices.
Companies that enroll staff devices in Apple’s remote management system, using what is called an MDM (mobile device management) profile, do so to take an active role in the protection, monitoring and control of these devices.
Typically, they can remotely wipe them, unilaterally or on request, block access to company data, enforce specific security settings such as lock codes and lock timeouts …
… and (that’s the feature the villains are after!) they can install custom enterprise apps designed for employees only.
This “loophole” allows companies to bypass the App Store for proprietary apps that do not have to be available for everyone to download.
So CryptoRom villains are taking advantage of this Enterprise Provisioning function by tricking you into treating them as if they were your employer, and as if they had a reasonable need or right to exercise almost complete control over your device.
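For defenders who are handed a suspicious configuration profile (a .mobileconfig file) by a victim, the following added example, which is not code from this article or from the SophosLabs report, shows how to check whether installing it would enroll the phone in someone else's MDM. The function names and the sample profile are constructed for illustration; `com.apple.mdm`, `PayloadContent` and `ServerURL` are Apple's configuration-profile keys.

```python
import plistlib

MDM_PAYLOAD_TYPE = "com.apple.mdm"  # payload type Apple uses for MDM enrollment

def load_profile(raw: bytes) -> dict:
    """Parse a .mobileconfig; for signed files, pull out the embedded XML plist."""
    try:
        return plistlib.loads(raw)
    except plistlib.InvalidFileException:
        # Signed profiles wrap the plist in a CMS envelope. Heuristic for triage
        # only: locate the XML by its markers; this does not verify the signature.
        start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
        if start == -1 or end == -1:
            raise ValueError("no property list found in file")
        return plistlib.loads(raw[start:end + len(b"</plist>")])

def triage_profile(raw: bytes) -> dict:
    """Summarize a profile and flag whether it enrolls the device in MDM."""
    profile = load_profile(raw)
    payloads = profile.get("PayloadContent", [])
    mdm = [p for p in payloads if p.get("PayloadType") == MDM_PAYLOAD_TYPE]
    return {
        "display_name": profile.get("PayloadDisplayName", ""),
        "organization": profile.get("PayloadOrganization", ""),
        "payload_types": [p.get("PayloadType", "") for p in payloads],
        "enrolls_in_mdm": bool(mdm),
        "mdm_servers": [p.get("ServerURL", "") for p in mdm],
    }

def build_sample(payload_type: str) -> bytes:
    """Constructed sample profile (not taken from any real campaign)."""
    payload = {"PayloadType": payload_type, "PayloadIdentifier": "example.payload"}
    if payload_type == MDM_PAYLOAD_TYPE:
        payload["ServerURL"] = "https://mdm.example.invalid/server"
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadDisplayName": "Trading App Setup",
        "PayloadOrganization": "Example Org",
        "PayloadContent": [payload],
    })

if __name__ == "__main__":
    sample = build_sample(MDM_PAYLOAD_TYPE)
    # Simulate a signed file: arbitrary bytes before and after the plist.
    signed_like = b"\x30\x82\x0b\xb8" + sample + b"\x00signature-bytes"
    for blob in (sample, signed_like):
        print(triage_profile(blob))
```

A profile that reports `enrolls_in_mdm` as true and names a server that does not belong to the user's employer is the situation described above.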
In a fraudulent app deployment process that SophosLabs investigated, criminals even used the “Description” box in their fake app to claim that their off-market software was “approved by Apple to be secure and reliable”.
Of course, the app is not a trading program at all.
There is no trading platform behind it; your “investments” are not used to buy any kind of cryptocurrency, not even a volatile or little known one; every “trade” and “profit” reported by the app is imaginary; if you are ever allowed to withdraw any of your “profits” to build trust, the crooks will simply give you a little bit of your own money back; and when you want to cash out your “investment” …
… you realize that it’s all smoke and mirrors, what is known in the jargon as a pyramid or Ponzi scheme.
What to do?
- Take your time when “dating site” talk goes from friendship, love or romance to money. It’s Cybersecurity Awareness Month right now, and one of the catch phrases in #Cybermonth is: Stop. Think. Connect. Do not be influenced by the fact that your new “friend” happens to have a lot in common with you. It does not have to be due to serendipity or because you have a real match. The other person could simply have read your various online profiles carefully beforehand.
- Never give administrative control of your phone to anyone without a genuine reason. Never click [Trust] on a dialog that asks you to enroll in remote management unless it is from someone with whom you already have an employment contract, the terms have been explained clearly to you in advance, and you understand and accept the reasons for enrolling your phone.
- Do not be fooled by app descriptions that claim Apple approval. Description text, unofficial reviews and text displayed by screens in the app itself are just that: text. Trusting what an app says about itself is like sending an email to someone you are not sure about and asking “Are you genuine?” If they are truthful, the answer will be “Yes”. If they lie, the answer will be “Yes”.
- Listen openly to your friends and family if they try to warn you. Criminals who use romance or dating as bait think nothing of deliberately setting you against your family as part of their scam. They may even “advise” you not to let your friends and family in on your “secret”, portraying their romantic interest or their investment proposal as something that conservative, hidebound people simply will never understand. Do not let the scammers drive a wedge between you and your family as well as between you and your money.