Often in the InfoSec community, a lot of attention is given to new and innovative malware variants and how they infect a user to turn them from daily user to victim. This has led to a view that most hackers and cybercriminals are incredibly tech-savvy and can code lines at a rate of hundreds per minute. Often, what has worked for confidence artists for years also works now in a digital age. In April of this year, this publication covering how sextortion scammers were changing tactics after their profits took a significant knock as victims were advised not to pay as the likelihood of the criminals having incriminating or embarrassing material was incredibly unlikely. Now the US Federal Bureau of Investigation warns of another scam which combines a romance scam with a money mule scam.
In a money mule scam people are often tricked into transferring money from an illegitimate source to either another illegitimate source or more commonly to a legitimate source in an attempt to launder the money. Money gained from ransomware campaigns, for example, needs to be laundered so it can be used more efficiently by criminal organizations. Previously to try and trick people, the scam would involve fake job or ad postings which prompted victims to transfer funds to fake businesses. The victim’s believed they were a legitimate partner in the business but landed up laundering money for a cybercriminal or other criminal enterprise. The other side of the coin is a romance scam, sometimes also called a confidence scam, which involves the criminals trawling dating and friendship sites. These often play out with the criminal befriending a man or women, in an attempt to gain their trust, once the victim's trust is gained the con begins with the other party asking for money to be sent over. This can be for a variety of supposed reasons whether flights, bail, or legal fees. Of course, the money is never used for this but pocketed by the criminal.
Now the FBI warns that scammers are combining the two scams which pose a new threat to users. Initially, the scam starts as a romance scam with those of questionable intent trawling dating and companion websites attempting to gain users’ trust.
Once trust is gained, the scam switches tactics and rather than asking for money for a supposed flight, or desperately needed legal fees, the victim is recruited to be a money mule. As the FBI explains,
“Actors groom their victims over time and convince them to open bank accounts under the guise of sending or receiving funds. These accounts are used to facilitate criminal activities for a short period. If the account is flagged by the financial institution, it may be closed and the actor will either direct the victim to open a new account or begin grooming a new victim…In other situations, the actor claims to be a European citizen or an American living abroad. After a few months of developing trust, the actor will tell the victim about a lucrative business opportunity. The actor will inform the victim investors are willing to fund the project, but they need a U.S. bank account to receive funds…The victim is asked to open a bank account or register a limited liability company in the victim's name and then to receive and send money from that account to other accounts controlled by the actor.”
What’s the danger?
As the victim does not seem to lose any money, the apparent danger of the scam could be downplayed. There are legal and financial factors to be considered by falling victim to the scam. The victim may be charged with assisting in the crime of laundering money. The victim could face imprisonment if they cannot prove that they indeed were a victim of such a scam. Been charged with a crime, even if found innocent, can further cost the victim in terms of legal fees. There might not be an immediate financial loss but the scam can be very costly in the long run. To this extent, the FBI warns that despite many of these sites monitoring and investigating complaints, it is always possible that users misrepresent themselves to the detriment of others.
To keep users safe the FBI has listed some tell-tale signatures of such scams. These include:
- Immediate requests to talk or chat on an email or messaging service outside of the dating site.
- Claims that your introduction was “destiny” or “fate,” especially early in communication.
- Claims to be from the U.S. but is currently living, working, or traveling abroad.
- Asks for money, goods, or any similar type of financial assistance, especially if you have never met in person.
- Asks for assistance with personal transactions (opening new bank accounts, depositing or transferring funds, shipping merchandise, etc.).
- Reports a sudden personal crisis and pressures you to provide financial assistance. Be especially wary if the demands become increasingly aggressive.
- Tells inconsistent or grandiose stories.
- Gives vague answers to specific questions.
- Claims to be recently widowed or claims to be a U.S. service member serving overseas.
- Disappears suddenly from the site then reappears under a different name using the same profile information.
The FBI also advises people to:
- Never send money to someone you meet online, especially by wire transfer.
- Never provide credit card numbers or bank account information without verifying the recipient’s identity.
- Never share your Social Security number or other personally identifiable information that can be used to access your accounts with someone who does not need to know this information.
Falling victim to such a scam can be a very embarrassing affair, if not a legal nightmare. Scammers prey on our desires and even the most skeptical soul can fall victim. If you do fall, victim, it is advised that you inform local law enforcement and your financial institution. By doing this you could help law enforcement catch those involved and stop others from being preyed upon.