How Scammers Steal Your Heart, Then Your Money

10623002855?profile=RESIZE_400xIf you were one of the millions of people who watched Netflix's The Tinder Swindler, you may have shaken your head in wonder at how women could be allegedly hoodwinked out of millions of dollars.  People fall for these scams for the same reasons that they fall prey to cold-call scam texts claiming that their loved one is in hospital and fees urgently need to be paid: When emotions are involved, rational thinking can go out of the window.

See:  https://www.netflix.com/title/81254340

Simon Leviev, born Shimon Hayut, is an Israeli man accused of conning women in an elaborate pyramid scheme to fund his luxury lifestyle.  According to the documentary and the women who say they were Leviev's victims, this is how the alleged scam worked: Leviev would match with women on the Tinder dating app and take them on luxurious dates, claiming that he was part of a family of billionaires in the diamond business.  He would pretend interest for an extended time and continue the charade with consistent voice notes, messages, and calls.  When he believed the woman trusted him enough, he would ask to borrow money, just for a short while. But, of course, his "enemies" were making life difficult and the check was always "on its way."  The funds would then pay for other dates, luxury goods, and travel.  As such, you could consider the apparent scam a pyramid, and an unbelievably elaborate one, at that.  Leviev has denied the accusations.

See:  https://redskyalliance.org/xindustry/is-romeo-sending-you-emails

Romance scams, by the numbers.  According to the US Federal Trade Commission (FTC), romance scams are outstripping every other fraud category in consumer losses.  In the past five years, consumers reported losses of $1.3 billion, reaching $547 million in 2021 alone and this number, in real terms, could be far higher.  By age category, victims are often over 60 years old but this bracket is also the least likely to report losses due to romance fraud, according to FTC research.

What are the types of romance scams?

Romance scams continue to evolve, not in a small part due to social media and the popularity of online dating.  With our lives becoming increasingly busy, not to mention the COVID-19 pandemic and stay-at-home orders, apps dedicated to online romance or casual dating have flourished.  Tinder, Grindr, Plenty of Fish, Bumble, Match, and Hinge are some of the most popular apps out there, and each can be an avenue for scammers to strike.

Romance scams vary, but they all have one of two purposes: stealing your cash or your information. Scams include:

  • Outright requests for money: Scammers might start small and even pay you back to build trust. However, it wouldn't be long before they would ask for far more and then vanish.
  • Requests might be made to purchase a flight or travel to see you, pay off customs charges, buy a new laptop or phone to keep communicating with you, pay outstanding medical bills, among other things.
  • Your scammer may also say they are expecting a cash gift or an inheritance, so they ask to 'borrow' money for a short while.
  • An emergency or disaster: For some, being a romance scammer is a full-time job, so spending time building trust with multiple victims is simply part of their working day.
  • Suppose enough of an emotional connection is cruelly created, and then they say there is a sudden emergency. There's been an accident, they are in trouble and their physical safety is threatened, or they are in hospital with looming medical bills.
  • This can create enough of a panic that the victim sends cash without a second thought, as the fraudster has already taken the time to build up trust.
  • Members of the military: The military scam is a popular one. A profile is set up with fake images often the stolen photos of actual soldiers and the use military jargon, titles, and known army deployment areas to appear more plausible.
  • They may say they are either just about to ship out or are soon to return and may also try to add some mystery by refusing to give details in the name of confidentiality.
  • Investments: Last year, Interpol warned that fraudsters are encouraging their matches to join them in financial "ventures."

 

The cybercriminal begins by building trust and offering tips and advice on stocks, shares, and investments.  They will then try to lure their victim into signing up for a fake financial product, normally hosted through a malicious investment app or fraudulent website.  An incentive is essential to this scam being a success. For example, your new love interest may offer you VIP status and personal instruction in the world of investing.  A victim could then submit their payment card details, which can then be stolen and used by the cybercriminals to make fraudulent purchases. Or they could load cash onto a fake platform only to be locked out of the account.

The fraudster blocks them and disappears.  "They're left confused, hurt, and worried that they'll never see their money again," Interpol noted. Most of the time, victims won't.

Cryptocurrency: Cryptocurrency-related scams are a new twist on older investment scams. Scam artists take advantage of a general lack of understanding surrounding cryptocurrency to hoodwink their victims.  This may include signing them up for fake cryptocurrency trading apps.

Sophos researchers published an advisory on CryptoRom in 2021, a cybercriminal ring that targeted Tinder and Bumble users.  Victims lost thousands of dollars after falling prey to these romance scams, and fake cryptocurrency trading apps were promoted not only on these dating apps, but also on social media networks and cold-call WhatsApp solicitations.

What are the techniques of today's romance con artist?

Catfishing: The most basic technique is known as catfishing the use of stolen or otherwise fake photos on a dating profile. Scammers may also use a fake name, location, age, and profession.  While in some situations, it's just a case of someone not looking much like the photos they selected, in others, catfishing can be used to target the more vulnerable users of dating services.  Investigators have found stolen photos of models commercial, catalog, and even in telecoms promotions as well as members of the military and social media influencers in the past. Fake, but complete with profiles stating they were genuine and looking for a relationship.

Stolen videos: Alongside stolen images, fraudsters may steal videos from social networks and the person's account they are impersonating, whether from Facebook, TikTok, or other platforms. The use of videos when they are available can make the catfish appear more trustworthy.

Love bombing: To try and show romantic interest quickly, the scam artist may bombard you with compliments and conversation starters and part of this is designed to try and find out as much information about their target as possible. The more they know, the more likely it is they can steal from you.

Moving you away from the app: Dating apps and services, on the whole, are restrictive when it comes to sharing videos and images, and they tend to limit how a scam artist can operate.  Shifting you quickly to a platform like WhatsApp makes their job easier.

Teams: While the romance scam needs to be one-on-one and intimate to work, this doesn't mean only one victim is in play at a time. Romance scams have become such a lucrative business that it is difficult to police, so cybercriminal gangs are profiteering by "working" in this way.  One scam artist could be playing countless connections at the same time, all to make money for the overall group.

Blackmail: Fraudsters may also use blackmail to force their victims to pay up.  In 2021, UK police warned of an uptick in online sextortion, in which individuals on dating websites and apps would be lured into steamy webcam sessions.  Without their knowledge, these intimate encounters were recorded and then the fraudsters would use the information they had gained about their mark, as well as social media, to find their family, friends, and colleagues.  The victim is then threatened with the footage being leaked unless they paid up.

Trust turns to theft: How does money change hands in romance scams?

Wire, bank transfers: Scamwatch  https://www.scamwatch.gov.au has found that close to 34% of losses due to romance fraud are made through bank and wire transfers.  It can be hard to prove that you've had money stolen from you if you perform these transactions willingly, and unless a romance scam case winds up in court, you may never see your money again.  Banks and financial services are not generally obligated to return your funds to you.  Indeed, many banks are now adopting "are you sure this isn't a scam?" notices before you authorize a transaction demonstrating your consent, and removing them from liability.

Gift cards: Gift cards for services including Google Play, iTunes, and Steam are also popular ways scammers adopt to steal funds.  Scamwatch says that these types of payment methods represent almost 31% of losses.  Gift cards may be chosen as they are quick and an anonymous form of payment.  Prepaid, reloadable debit cards may also be requested instead of wire transfers or company-specific gift cards.

CashApp: CashApp is a quick way to transfer cash and pay for services and may be used by fraudsters to request money from their love interests.  For example, they may ask for help in paying for car repairs (to see you, of course !), a new phone, urgent bills, or food.  If the scammer thinks you would be amendable to sending you more funds, they will carry on the charade. If not, once a payment is sent, victims are immediately blocked.

Cryptocurrency: Direct cryptocurrency transfers and theft can be more difficult to manage and so cybercriminals will usually push their victims to "invest" in crypto such as Bitcoin (BTC).  This may be achieved by walking a victim through purchases on legitimate exchanges, including Coinbase, before luring them into transferring coins from their wallet to a third-party site controlled by fraudsters.

Checks: In some cases, scammers may ask their victims to support business ventures by opening bank accounts and writing checks for them. Money is wired by the scam artist and then the victim will write checks to "pay vendors," but eventually, wires will be reversed.  When these accounts are opened they are in the victim's name and so it is they who are liable and potentially placing themselves at risk of prosecution for fraud.  If (or when) banks detect these activities, the victim is on the hook to pay for the amount on the fraudulent checks.

Laundering: Scammers are often not independent and are part of a wider team. Therefore, gifts, loans, or payments made by victims must be cleaned up somehow.  Funds may be laundered through bank accounts opened using fake names or businesses, or via cryptocurrency "washing" services on the Dark Web.

Money mules: To make matters worse, victims of romance scams may also find themselves becoming unwitting money mules.  In a case documented by the FBI, an 81-year-old woman became a money mule after being targeted by a man in Nigeria through an online dating scam.  For five years, she accepted mobile devices to sell for her "love" and opened both personal and business bank accounts at his request.  Despite multiple warnings by law enforcement that she was being scammed, the woman didn't stop and ended up pleading guilty to felony charges.

What are the signs I'm in a romance scam?

Requests for cash: If someone on a dating app asks you for money or offers you an 'investment' opportunity as their special friend, especially if you haven't met in person, they are trying to scam you.  Block and ghost to stay safe.

Outlandish stories: Stories of woe, terrible luck, accidents, and tragedy are often created by scam artists to try and gain sympathy and an emotional reaction from their victims.

Inconsistency: Telling lies can cause memory difficulties, and unless they believe their own stories, inconsistencies in their activities and past can indicate that something isn't right.  

Suspicious images: If you want to check to see if you are being catfished, save their profile picture and paste it into a reverse image search.  It takes mere seconds and is one of the first indicators that you are talking to someone who isn't who they appear to be.

Broken phones, Webcams: If your new love interest refuses to meet you in person or their webcam/mobile phone camera has conveniently developed a glitch, this may be a sign you are being duped.

Your safety should always come first.  Whenever you use a dating app, you should always be mindful of your safety.  Even if someone seems genuine, it's best practice not to allow them to meet you at your home on your first encounter and to stay in public places.  There are recorded cases of assault and murder due to individuals meeting through dating apps.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.    For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs. com    

Weekly Cyber Intelligence Briefings:

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!