Looking for Love in All the Wrong Places

February 10, 2015
Proofpoint Staff

Just as love and romance are not limited to Valentine’s Day, every day is an opportunity for scammers to target the lonely, the lovelorn and the credulous. Although these scams seem on the surface to be unsophisticated and unlikely to succeed, their prominence and persistence show that they continue to snare victims. Examining examples of these scams detected in email and social media highlights the differences in these platforms for scammers and cybercriminals.

Unsolicited email has long been a medium for scammers to attempt to reach their victims. The example below is typical of these messages, which often feature even more salacious content, trading brevity for explicitness.

Clicking the link in the email opens this web page:

While the page does not appear to attempt to load any malware, it does solicit the victim’s credit card information in exchange for the prospect of a relationship with a woman from the site. Like other unsolicited email campaigns, millions of messages with this approach are sent every day from botnets around the world, and this high volume is an important attribute of these campaigns: with millions of recipients, even a very low response rate will result in a successful campaign.

This dynamic is reversed in the social media versions of these scams: instead of trying to send a high volume of messages, social media dating scams capitalize on the fact that a single post on a popular site will be seen by thousands of potential victims, with the added advantage that they are already there looking for “that special someone” and so are more likely to take the bait than a random email recipient.

Proofpoint Nexgate has analyzed many of these scams and identified several key characteristics:

  • Occurs prolifically on Facebook pages of top dating sites
  • The posters pose as single, attractive females asking to chat and friend them
  • Request to move the conversation to a more personal messaging system, such as Yahoo Messenger
  • Carefully scripted to say all the right things
  • Ask the victim for money

Below are examples of the “lure” posts from the Facebook pages of two popular online dating services:

From the Match.com Facebook page:

From the PlentyOfFish Facebook page:

Match and Plenty of Fish are both reputable services that have helped many people find successful relationships, and it is precisely their reputation and legitimacy that make their brands attractive targets for social media scammers.

Following one of these posts shows us a scam in action.

The user name leads to a page for the poster:

“Jessica’s” Facebook page shows an attractive, apparently single female. Interestingly, she has only five friends, and all were added today. Perhaps she’s new to Facebook?

Starting a chat with “Jessica” gets a quick response, and she immediately asks to move the conversation to Yahoo Instant Messenger:

The eagerness of the initial response becomes a tone of insistence as the exchange continues:

“Jessica” reveals personal details to gain the confidence of the victim and elicit feelings of sympathy and, hopefully, a desire to help.

Once the conversation has been moved to Yahoo Instant Messenger, the scammer asks the victim for money for a new computer, to be sent to her via Western Union on an account in the name of her aunt, “Kerry.”

When we search for Jessica’s aunt “Kerry,” we find from her Facebook page that Kerry looks an awful lot like Jessica, and that in fact she does not live in Australia after all.

A Google image search returns a third name for this person. Not only are all of the names likely false, but it is almost certain that all of these pictures are stolen. In addition, the links to image search results lead to adult content, and most likely malware and/or credit card scams like we saw in the original email example.

In short, in less than two hours the post by “Jessica” exhibited all of the signs of a social media dating scam, including asking for money through Western Union, which is the largest red flag of a scam. As we noted in our research on social media and the Super Bowl, social media inverts the model of malicious email because a single post on social media can reach thousands or even millions of potential victims.

For many people, social media has become a vital and essential part of their business and personal lives, and can provide many benefits, not the least of which is the opportunity to forge and draw strength from connections with individuals and communities. Because scammers and cybercriminals are always seeking to exploit this good for their own profit, users should beware of these and other scams. You can avoid social media dating scams by being aware of the signs of a scammer:

  • Very eager to talk with you via chat or phone
  • Wants to move the conversation off the social media platform to a more personal messaging system
  • Says all the right things, including a tale of woe involving financial hardship
  • Avoids an in-person meeting with any possible excuse
  • Asks for money through Western Union