Sweetheart Scams: When Fraudsters Turn to Romance

It’s always heart breaking to see how people keep falling to good old fraud techniques, and while the recent wave of Sweetheart Scams carries a clear romantic notion, it’s actually one of the nastiest ploys on the market. “It’s too good to be true” has never been more highlighted than when the tall, handsome foreigner you had a digital relationship with ends up being a cyber con artist interested only in your bank account.

Most scams are the digital equivalent of the con artist developing a completely fake relationship with a person in order to steal her money, jewelry or – in case of industrial espionage – her company’s information. We’ve read about countless cases like these, seen countless movies and TV shows (remember the handsome fella in LOST?) and generally feel you have to be extra-stupid to fall for something like that. But when it comes to cyberspace, it’s getting more complicated. How can you trust ANYONE online?

Cybercriminals are exploiting this gap effectively, and are using online dating sites as the penetration point. They’ll befriend the victim and then steal their money. This interesting Netcraft blog shows how they deploy dating site phishing attacks so they can compromised people’s credentials and launch their scams without even using a stolen credit card to buy a subscription. And this article based on research by transaction monitoring company Guardian Analytics warns of the growing number of sweetheart scams online.

Sweetheart Scams are not just used as a way to attract new victims – but also to attract unsuspecting mules. One of our US customers, a Top 50 Bank, encountered an elaborate scam involving a fraudster in Nigeria and a US-based lady mule whom he ‘met’ online. Once the romantic relations between the two have been established, he asked his new girlfriend for a quick favor. The stories vary from one mule to another, but typically it would be something like this: I run a small business with multiple customers in US who complained about the fact they can’t easily send me money abroad. So honey, will you be so kind and accept those customers’ money transfers to your bank account, then go to the branch, get the cash and wire it to me via one of those international money wire services?

The bank found out the fraudster asked the mule to give her online banking credentials, and since we’ve been running our behavioral authentication for several months now at that bank, they asked us in BioCatch to see if we noticed anything suspicious in the account. What we found was that indeed two users with completely different behaviors were operating inside the account: the genuine user, and her digital sweetheart. Most of the fraudster's access was via local proxies in the US, except one case where they were probably in a hurry and connected from Nigeria. And we found another interesting thing.

The fraudster was pasting the user name during the login phase. That’s highly unusual: most people would either type the login or use auto-complete functions. Pasting the user name is very uncommon, but here’s the thing: this fraudster probably has dozens, if not hundreds, of sweethearts in the US; you can’t expect him to remember all their user names, right?