CryptoRom: The new scam breaking hearts and emptying wallets

Garth Bray
Source: Fair Go

Had an unexpected WhatsApp message lately? Or any random social media contact?

It's probably pitched as a chance encounter, a 'Sliding Doors' moment on WhatsApp or some other messaging service.

"Is that you [insert random name]?" Or, "Hi are you the tour guide?" or even a cheeky "Who is this? Why is your number in my phone?".

It has an air of casual mystery and a hint of romance. Where will it lead?

Probably to a scam that leaves you poorer.

They're bogus accounts of course, and the approach is old school for romance scammers. However, the new twist catching out a younger audience is adding crypto into the mix.

"There's a lot of buzz around investments and making money quite quickly and when it comes to the younger generation things like Bitcoin and cryptocurrencies they're all the rage," says analyst Aaron Bugal from cybersecurity firm Sophos.

"Typically the type of people that fall for these attacks, they're looking for love, so their Spidey-senses are depleted, they're a little bit more open to engage."

Bugal says the online nature of the scam can leads some to think they may be safe taking risks that they wouldn't entertain IRL.

"They think that if something goes wrong there's a magical undo button that can just reverse all the ill effects of whatever they did online."

Sophisticated software

Sophos has labelled the ruse 'CryptoRom' and there is some sophisticated software hacking to support the age-old sweetheart swindle scams.

It has found scammers are exploiting a vulnerability in beta testing sites like Test Flight.

Scammers can use them to launch and share apps which haven't been scrutinised by Apple for its App Store or by Google for the Play site. The scammers can the manipulate those apps freely to help the story they are telling a victim, Bugal says.

"They get drawn in to depositing money into a scam account and then the scammer will say 'well actually, you've got some gains' and they can fake it with illegitimate apps, 'but to withdraw it you've gotta pay a bit of a tax, it's an $800 tax', so they give them more money, then all of a sudden they disappear."

In the US, scammers took nearly $200 million with them when they ghosted victims last year in CryptoRom scams. Add the more traditional cash and voucher scams and all up, romance scams fleeced Americans of over $770 million. That's 56,000 left broke and broken-hearted, according to a US Federal Trade Commission report. The FTC also cites other research that suggests those reported victims represent about 5% of the actual number, which would mean over a million US victims last year losing much more money.

The report suggests adding crypto has been kryptonite for Millennials, with a tenfold increase in the number of reports from victims aged 18-29 over the past five years.

In Aotearoa, cybersecurity watchdog CERT NZ says it took 53 complaints from romance scam victims in the first quarter of this year and estimates a 5-10% reporting rate, which would mean 2000 to 4000 real Kiwis may lose money this year to fake admirers.

Hard times mean even more hustle from the scammers, so heed Fair Go's advice:

  • Be sceptical of any surprise contact online, even if they know your name.
  • Never pay anyone online unless you are expecting goods or services in return.
  • While it's fun to have a secret admirer, share the news with family and friends who may spot something you don't.
  • Check in with CERT NZ or NetSafe if you want to run things past an authority that knows the hallmarks of a romance scam.