Valentine's Day 2023

10961706484?profile=RESIZE_400xWith Valentine’s Day quickly approaching, threat actors will be attempting to prey on individuals seeking companionship or romance.  Our friends at the NJCCIC continues to receive reports of sextortion incidents in which victims are threatened with the release of compromising or sexually explicit photos or videos if an extortion payment is not made.  Some sextortion threats are not credible, as threat actors are unable to provide proof of such photos or videos.  However, there is an increase in reported sextortion incidents in which victims sent compromising or sexually explicit photos or videos to threat actors pretending to be trusting potential love interests.[1]

Threat actors use social engineering tactics to lure their victims via email, text message, chat and video chat apps (such as Snapchat, WhatsApp, Skype, and Kik), social media platforms (such as Instagram, Facebook, and Wizz), or dating apps (such as Grindr and Hinge).  They may initiate communication through one of these platforms and then move to other platforms.  In several incidents, threat actors pretend to be attractive females targeting males to coerce a response.  They build trust with their victims and convince them to divulge personal information, such as phone numbers, family members, employers, and social media account information, before threatening to post the photos or videos to the victim’s social media platforms or release them to family members, friends, or employers.  They may also threaten to upload the explicit photos or videos to various pornographic websites if payment is not made.  Extortion payments are typically demanded to be sent via Zelle, Venmo, Cash App, MoneyGram, Bitcoin, Coinbase, or in the form of gift cards.  Similar to sextortion, threat actors may engage in romance scams by posing as potential love interests and building trust with a victim to establish a relationship quickly.   Eventually they may create a fake emergency and request the victim send money to help.  They may also encourage victims to invest in cryptocurrency that turns out to be a scam.

Sextortion and romance scams continue to be successful as threat actors change tactics to coincide with trends and topics of interest in order to increase their likelihood for a reward or payout.  To help counteract these scams, the New Jersey Senate recently passed a bill to make sextortion a third-degree crime punishable by up to five years in prison and a $15,000 fine.  For victims who are minors or adults with developmental disabilities, the offense would be a second-degree crime punishable by up to 10 years in prison and a $150,000 fine.  If the bill is signed into law, New Jersey will become the 18th state in the US to formally ban sextortion.

This year’s theme for Safer Internet Day on 7 February was sextortion with a focus on financial sextortion and making sure young people know they can always get help. Additionally, the FBI and international law enforcement agencies issued a joint warning regarding the explosion in sextortion incidents targeting children and teens.  Over 7,000 reports of sextortion received by law enforcement agencies in 2022 resulted in over 3,000 minor victims, primarily boys, and more than a dozen victims died by suicide.

The NJCCIC recommends users educate themselves and others on this and similar scams to prevent future victimization.  Please review the Beware of Sextortion and Romance Scams NJCCIC product.[2]  The NJCCIC also advises against paying ransoms of any kind, as these scams are typically not considered credible threats unless photos or videos are provided.  Users are advised to inspect questionable requests for typical indicators of these scams, exercise caution with unsolicited communications, and refrain from providing photos or videos, personally identifiable information (PII), financial information, or funds.[3]  Users are encouraged to report cyber incidents via the NJCCIC Cyber Incident Report Form, the FBI’s Internet Crime Complaint Center (IC3) website, and their local police department.  Users are also advised to report scams or abuse to associated email providers, social media platforms, or dating apps, especially if there is a violation of terms and conditions or acceptable use policies.

Indicators:

The Lies Romance Scammers Tell - Romance scammers adjust their story to what they think will work in each situation.

  • Scammers say they can’t meet you in person. They might say they’re living or traveling outside the country, working on an oil rig, in the military, or working with an international organization.
  • Scammers will ask you for money. Once they gain your trust, they’ll ask for your help to pay medical expenses (for them or a family member), buy their ticket to visit you, pay for their visa, or help them pay fees to get them out of trouble.  They may even offer to help you get started in cryptocurrency investing.
  • Scammers will tell you how to pay. All scammers, not just romance scammers, want to get your money quickly.  And they want your money in a way that makes it hard0 for you to get it back.  They’ll tell you to wire money through a company like Western Union or MoneyGram, put money on gift cards (like Amazon, Google Play, iTunes, or Steam) and give them the PIN codes, send money through a money transfer app, or transfer cryptocurrency.
  • Scammers do these things to pressure you into acting immediately by paying money. But it’s a scam.

How to Avoid Losing Money to a Romance Scammer - Here’s the bottom line: Never send money or gifts to a sweetheart you haven’t met in person.

If you suspect a romance scam:

  • Stop communicating with the person immediately.
  • Talk to someone you trust. Do your friends or family say they’re concerned about your new love interest?
  • Search online for the type of job the person has plus the word “scammer.” Have other people posted similar stories? For example, search for “oil rig scammer” or “US Army scammer.”
  • Do a reverse image search of the person’s profile picture. Is it associated with another name or with details that don’t match up?  Those are signs of a scam.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com             

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www. redskyalliance. org/   
  • Website: https://www. wapacklabs. com/  
  • LinkedIn: https://www. linkedin. com/company/64265941   

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989  

[1] https://www.cyber.nj.gov/garden_state_cyber_threat_highlight/sextortion-and-romance-scams-dodging-cupids-malicious-arrow

[2] https://www.cyber.nj.gov/garden_state_cyber_threat_highlight/beware-of-sextortion-and-romance-scams

[3] https://consumer.ftc.gov/articles/what-know-about-romance-scams

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!