Valentine’s Day is fast approaching and romance is in the air. Love is also blooming online, but sadly, so are romance scams. We have covered romantically-themed online scams in the past. These include attempts to spread malware through Valentine-themed links on social media, search engine poisoning, phony gift cards, and fake e-greeting cards.
Today we look at a different form of romance scam, where cyber criminals use hacked email accounts to groom victims that they contact through social media. Here’s a typical scenario based on conversations I had recently with fraud investigators for two big banks:
You meet this guy on a dating site. After exchanging just a few emails he seems to know you so well, it feels like there’s real chemistry there. Then suddenly this guy needs emergency surgery while he’s out of town on business: “Can you possibly wire me $4,000?” And guess what, you know how to execute wire transfers, because you’ve done them before. And you happen to have quite a bit more than $4,000 in your checking account. And so you call your bank…Whoa! Hold it right there.
Welcome to Stephen’s first rule of twenty-first-century romance: No wires until we’re hitched. Sound bizarre? Well, ask yourself, how did this guy know you had money and wire transfer know-how? Is he just lucky or has he been reading your email? In a new twist on an old scam, the bad guys are using unauthorized access to email accounts to profile victims for e-love. When they find a target with the right attributes (single, good cash flow, wire transfer experience) they stalk them online and strike up a relationship.
And scammers aren’t just using email as a profiling tool anymore. As we noted in the recent PokerAgent investigation, scammers are using Facebook itself to determine the financial wherewithal of users by sorting out whether they had stored payment details and a high Poker Chip value on the platform. While we haven’t seen this used for Valentine’s Day scams yet, the profile certainly would fit, as they also harvest Facebook credentials, allowing future “casual meetings” through the platform.
Jennifer Waters, writing in MarketWatch, says that according to Steven Baker of the U.S. Federal Trade Commission, romance scams are so prevalent today, the consumer protection agency has started giving this type of scam its own category (like identity theft or tax-fraud theft). The FTC Sentinel, a database that law-enforcement agencies use to track crimes, is likely to report some 10,000 complaints under the romance-scam heading for 2012, and that’s just the ones that were reported.
So, you know it is happening, but how do you protect yourself? The good news is that while Valentine’s scams might reach new peaks soon, protecting against them can be accomplished with simple tools like spam filtering on your email, restrictive personal firewall settings and a good dose of common sense. If you want to leverage the power of the Internet in your quest for love, stick to the well-known legitimate online dating services. And try to meet face-to-face before things get too hot and heavy. Ask yourself, if you can’t meet this person in person, should you really be wiring them money? So before you accept undying love and commitment, make sure you’re dealing with a real person, one who is who they say they are. If you try to meet and they suddenly “vanish” online, a shot at love may not really be lost, and your money and identity won’t be either.
ESET Security Expert