The US Federal Bureau of Investigation (FBI) has issued a public service announcement warning about cybercriminals targeting victims through mobile beta-testing applications. While the FBI did not specifically name any vendors or services, the main objective of these criminals is to trick iPhone users into installing software that did not come from the App Store. Many iPhone users feel secure against malware and other threats due to Apple’s strict policy of acquiring apps only from the App Store. However, there are ways to install unofficial apps on iPhones, such as using Apple’s Mobile Device Management (MDM) system or signing up for Apple’s TestFlight service.
Both MDM enrollment and beta-test signup require the user’s active agreement. However, these scammers are not aiming to sign up everyone but rather target a select number of potential victims. They often start by creating fake profiles on online dating sites to establish trust and friendship with their victims. Instead of building relationships based on love, they develop relationships based on money, usually by luring victims with exclusive cryptocurrency investment opportunities. These scammers explain the suspicious deployment method of the app as a sign of its exclusivity and privilege.
Typically, these scams involve fraudulent backend systems that show fake investment data. Victims are led to believe that their investments are growing, and they may even make withdrawals to test the legitimacy of the site. However, these withdrawals are usually limited, and any additional funds invested are not returned. In some cases, scammers become threatening and claim that the government has frozen the victim’s account, demanding a tax payment before allowing them to withdraw their funds. Victims may end up paying even more money to the scammers out of desperation.
To protect oneself from these scams, it is important to be cautious when online friendships turn to discussions about money. Do not be swayed by common interests or similarities, as scammers may have carefully read your online profiles. Never give administrative control of your device to someone who is not your employer or install beta-quality software unless you are part of the development process. It is crucial to take time and not rush into financial dealings with online acquaintances.