As has been covered numerous times in the past here at TechGenix, dating scams are a persistent threat that causes a great deal of damage. Not only are emotions toyed with, but security breaches and financial losses also follow from these sorts of social engineering attacks. The newest scheme to make its way into the dating landscape is something called CryptoRom, and it certainly ups the ante in terms of attack methodology.
As discovered, and later written about in a blog post, by SophosLabs, the CryptoRom scheme involves first establishing trust. The research blog post describes the aims of the criminals involved as follows:
…they strike up a friendship, using the dating game as a ruse, but then quickly move to money, this time in the guise of them doing you a big favour by offering you a chance to join an “unbeatable” investment opportunity.
As you can imagine, the “investment” that they propose typically involves cryptocoins, but to add a veneer of legitimacy, these CryptoRom crooks, as we’ve dubbed them (crypto- from “cryptocurrency” and -rom from “romance scam”), invite you to install an “official” app in order to join the scheme.
The app in question is specifically for iOS users and appears to have some legitimacy due to a loophole. By abusing the Apple Enterprise Program and Super Signatures, these individuals can make the app look as though Apple itself has determined it to be safe through “legitimate” certificates. This is what the CryptoRom scammers bank on. The result is the potential not only to steal money under the guise of legitimate investments in cryptocurrency but also to gain remote access to an iPhone due to the faulty nature of the Apple Enterprise Program.
In a news release, SophosLabs stated that $1.39 million had, at least at the time of their article, been stolen from victims. It goes to show that online dating has less and less going for it these days.