Tainted Love: Online Scams Cashing in on Romance
Remember when an old song asked, “What’s love got to do with it?”
In a time of dating websites, video calls, and free dating apps, the link between romance and cybercrime has now become apparent as ever. Cliché or not, it's true that love is indeed a powerful force. Unfortunately, they're also used as effective hooks for different scams.
Last year, we outlined a list that corralled a number of the most common love scams that successfully toyed not just with online users’ hearts but also their money—likening it to Neil Gaiman’s notion of love and how it makes anyone vulnerable.
[Read: 8 Valentine's Day threats]
Such is the case with people who have unknowingly allowed themselves to play accomplice to a cybercriminal act—with them usually coming out as the victims. In fact, reports say that romance scams count as some of the most successful schemes to rake profit from victims. Last year, the National Consumers League noted that they received at least 80 complaints from online users who have been victimized by romance scams.
With just a few days left before Valentine’s Day, here are some of the most common online scams that use romance as a hook.
Catfishing Schemes
A 70-year-old woman met a certain “Richard Randall” online. Entranced by the interest shown to her, the constant communication soon turned developed into an online relationship. Her fondness to Randall's woven identity grew stronger, eventually pushing her to send him over $300K in the course of two years, despite the fact that they've never met. In the end, Richard Randall, who claims to be in Ghana, turned out to be what's known as a "catfish".
Catfishing refers to the scheme used by scam artists when they build a meticulously woven story to trap an unsuspecting victim. They normally use a fake profile containing images normally stolen from existing accounts on social networking sites and a believable story of who they are and what they do. This means that a woman looking for romance in a dating site may think she is talking to a soldier stationed in Afghanistan or a divorced civil engineer from England working in the US, when, in fact, her online lover is simply a scammer working behind his machine using a script that has worked countless of times.
This kind of catfishing story is getting more common as online dating websites continue to flourish. In the United States alone, dating and matchmaking sites have grown to a billion-dollar industry, cashing in almost $2 Billion and attracting a consumer base of over 49 Million online users in 2015.
Intimacy turns into extortion
Last year’s FBI advisory on the trajectory of dating scams also shed light on an attack form that preys on the fear of its targets. In The Fine Line: The Trend Micro 2016 Security Predictions, our researchers painted a picture of a foreseeable future where attack tactics heavily rely on mastering the psychology of an attack rather than focusing on its technical merits.
The trap is simple yet elaborate. An unknowing victim may be lured into an engaging conversation with a character that was specifically developed to match the target's likes and interests. Once the bait is taken, the conversations will move into a particular networking site where the illusion of growing intimacy is formed. This is when the extortion scheme unfolds. The victims will be sent a link to a website where they'll discover that their conversations, contact information, and photos have been posted, and that they've been flagged as "cheaters". The victims are then urged—essentially, "blackmailed"—to pay $99 to take down the damaging information. However, this does not ensure that the posted files and information will be deleted after the payment has been done.
Instances such as this show how trusting someone you have never met can turn into a privacy nightmare—simply by marring one’s integrity and tarnishing reputations to easily bring a victim to cave in to a scammer's demands. Aside from losing money to a fraudulent online “friend”, one may also unwittingly aid in an actual money laundering scheme through fake checks and illegal overseas money transfer, or shipping of stolen goods.
Old Tricks, New Twists
The use of social engineering lures is a tried and tested technique used by cyber crooks to steal and monetize your data. Warnings after warnings have been made, but, to this day, these traps still manage to catch reckless online users off-guard. These schemes always use the same tactics, but in constantly-changing ways.
The Better Business Bureau notes that in 2015, consumers spent $19 billion on Valentine's Day. This means that a lot of free-spending happens during this period of time. And to a cybercriminal or online scammer, a man scurrying to get his girlfriend a nice bouquet of flowers online may be a fitting target of a Valentine’s flower or jewelry scam.
Hidden costs, fake diamonds, or dead flowers barely scratch the surface of V-Day scams that prey on users. Online crooks take advantage of seasonal events like this to stage phishing attacks. This could either be in the form of a spoofed flower delivery service or a fake website masquerading as a legitimate greeting card company. A trusting user could be easily tricked into keying in sensitive personal and financial information or download a file that would infect his or her system with data stealing malware.
Fake profiles, as mentioned above, aren’t exactly new, but the sad truth is that they continue to be effective. The spam letters of Nigerian princes promising millions in exchange for financial assistance have been replaced by intricate online personas designed to fool those looking for love, and it has extended to the mobile arena. The immense popularity of the dating app, Tinder, has brought not just the rise of fake profiles and stolen identities but a channel for bots that push links for a mobile game to their contacts.
For a 21-year-old junior at the University of North Carolina, a story about a Tinder profile that had her face under a different name sounded more funny than alarming. However, when her friends sent a screen-grabbed image of her in a profile that resembled nothing like her, the story became all too real. She was no longer Kristin Shotwell from Chapel Hill, but a certain chocolate-obsessed “Kim”, hiding behind Facebook-uploaded images and a list of interests that suggests that this person exists.
Shotwell started an online campaign to find the person behind the account. After numerous viral posts and newsroom appearances, the search for “Kim” was unsuccessful, and they never learned out who was behind the spoofed profile.
Beyond Valentine’s: Tugging on your heartstrings
Cybercriminal activities that appeal to one’s emotions do not have to involve a budding romance or a deepening online relationship. Charity and donation scams tug on a potential victim’s heartstrings to rake in profit.
When disaster strikes, the Internet provides a wide-reaching platform for charitable activities such as crowd-funding and other relief-driven projects. Millions of people pledge money online to contribute to a cause. Many scammers take advantage of such philanthropic acts and take social engineering lures to trick people into donating their money straight to the bad guys’ pockets.
[More: Avoiding crowdfunding and charity scams]
Awareness as a shield
Technology and schemes may have evolved, but scams that bank on emotions—love in particular—work and these will continue to capitalize on what works to their advantage. Spotting scams such as the ones stated above may be tricky, given that scammers put a lot of time into developing their personas and effective tactics, and dating sites are not necessarily filled with bots and malicious users. However, even the most elaborate of fake profiles have red flags, and even the most convincing scammers are bound to reveal their true intent soon enough. In the end, awareness is the most useful defensive tool against these types of schemes.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
Artículos Recientes
- Ransomware Spotlight: Ransomhub
- Unleashing Chaos: Real World Threats Hidden in the DevOps Minefield
- From Vulnerable to Resilient: Cutting Ransomware Risk with Proactive Attack Surface Management
- AI Assistants in the Future: Security Concerns and Risk Management
- Silent Sabotage: Weaponizing AI Models in Exposed Containers