A Nigeria-based gang of scam artists, known as ‘Scarlet Widow’, have been using romantic scams to trick and deceive victims into sending large amounts of money, according to a report published by secure email company Agari.
Agari uncovered the scam which involves posting fake personas on websites like Match, eHarmony, and OkCupid, as well as targeting “relationship seekers on more specialised sites, such as Dating4Disabled.com, FarmersDatingSite.com, and DivorcedPeopleMeet.com,” Agari said. “It also uses sites for people seeking partners in the US military, including MilitaryCupid.com.”
Fake personas created as part of the scheme include ‘Laura Cahill’, a Texan model working in Paris; ‘Starling Micheal’, a handsome United States Army captain stationed in Afghanistan, whose perfect woman
“has a trusting mind to fall in love” and ‘Lisa Frankel’, a Norwegian saleswoman eager to visit the United States, looking for an “honest and caring man to date and have as my future husband”.
According to the Agari report, a Texas man fell victim to Laura’s persona and was scammed into sending $50k (£39k) to scammers. The two only communicated via email, and never actually met in person or spoke on the phone.
Unfortunately, despite warning signs from family members and close friends, the unnamed man opened a “joint account that let her con him out tens of thousands of dollars,” Agari said.
“Great financial hardship”
It is important to raise awareness about romance scams since its victims are often too embarrassed to report the crime,” says Crane Hassold, senior director of threat intelligence at Agari. “Romance scams are devastating for their victims, who may suffer great financial hardship and psychological trauma as a result.”
Once one of the fake profiles receive a response, the scammers send messages about their faith in God and the importance of trust. Once a relationship is formed, the scammer tells their victims that they need financial assistance.
This assistance is usually in the form of money for plane tickets, travel assistance, or accommodations, according to the Agari report.
The report comes as Federal Trade Commission (FTC) warned Americans to keep an eye out for anyone committing romance scams. The FTC said this week it received a record of 21,000 reports of romance scams, costing victims a total of $143m (£111m).
Ilia Kolochenko, CEO of the web-security firm, High-Tech-Bridge, said: “Dating scams are particularly dangerous and effective because of the numerous data breaches on dating websites that have occurred over the last couple of years.
“On such dates as St Valentine’s Day – click-rates for a well-prepared spear phishing campaign may be as high as 100%.”
GDPR rules are “powerless”
Kolochenko said the recent GDPR rules are “powerless” in these sorts of circumstances because they “fail to protect victims”, and can only impose stiff fines on careless websites.
“Even if passwords are properly hashed and thus are hardly brute-forceable, a great wealth of other details are openly available to the attackers to encourage the victim to react. Paired with vishing (the telephone equivalent of phishing) capacities to imitate voice and phone calls, the attackers have “armour-piercing” access to individuals’ devices.
“Users should be particularly cautious when they suddenly receive a personal email (even an expected one) on an important date such a St Valentine’s Day.
“Cybercriminals skillfully speculate on human psychology, for instance by impersonating the victim’s ex-lovers and/or close acquaintances.”