“CryptoRom scams rely on social engineering at almost every stage,” says Jagadeesh Chandraiah, Senior Threat Researcher at Sophos. “First, attackers post credible fake profiles on popular dating sites. Here, after making initial contact with the target, they suggest continuing the conversation on a different messaging platform. Then they convince the target to install and invest in a fake cryptocurrency trading app. Initially, the offer looks very good. But when the victim asks for their money back or tries to access their funds, they realize they’ve been scammed. Our research shows that attackers have made millions of dollars this way.”
“Until recently, attackers were mostly distributing fake crypto apps through fake websites that looked like a trusted bank or App Store,” Chandraiah says. “The ability to access the iOS enterprise developer system poses a greater risk to victims. To avoid falling victim to such scams, we recommend iPhone users only download their apps from the official App Store. The golden rule is not to trust an offer if it looks risky or too good to be true.”
Sophos recommends that users install a security solution such as Intercept X for Mobile to protect their iOS and Android devices from cyber threats. In addition, all personal devices can be secured with Sophos Home.