Tales from a Social Engineer – Romance Scams

Gyles Saunders

Consultant

Gyles is a consultant at Pentest People who is passionate about Social Engineering, the methods used and how they work by manipulating the human mind.

Internet dating is a great thing. No longer are you reliant on bumping into that future special someone in a bar, at the workplace, or in the local coffee shop. As humans, our world has never been so connected, our reach so vast, and now the same is true even of finding love. Firstly, let’s just start by accepting that internet dating is a thing and was a thing before the world went into various states of lockdown; it has been around pretty much since the widespread use of the internet itself. Sure, its popularity has increased with the near-gamification of it (the effects of which on human behaviour are not going to be a topic covered in this blog): more and more people are on internet dating sites/apps and it has become more socially acceptable. But with that rise in popularity, the Phishing Fraudsters are not far behind.

A victim’s story –

Whoa, right? So, in the research I did for this episode I came across more and more blogs from victims just like this (I will include the link to said blogs at the end of this piece). They all have the same things in common.

So, what is a romance scam and how does it tie into Social Engineering?

Well, let’s start with the breakdown of how it unfolds. It starts with a profile designed to draw the target in. The photos are stolen from a non-private Instagram account, for example; in this new age a scammer does not need a great amount of effort to create the initial hook. They simply find a non-private social media account of a good-looking person and steal the content for use in the scam.

The next step is the real start of the Social Engineering tradecraft. Make contact! The scammer needs to make that initial contact with a potential victim and start building rapport. Let’s be honest: if someone messaged you out of the blue on a dating site and started asking for money straight away, you would in all likelihood block and report the profile without a second thought. So how do they do it?

Simply by making conversation. This is more of a long con, which in all honesty is why it is such a disgusting scam, but more on that shortly. The scammer will build the story at this point. It would involve messaging and sending more photos, acting as if they were just taken for the purpose of sending directly to the intended victim. By doing so and asking for nothing in return, they are starting to build trust. They will likely try to gain additional contact information too, normally moving to WhatsApp or email and away from the security offered by the dating platform.

Now comes the pull. The victim and the scammer have been trading messages and maybe even pictures for weeks, even months. The victim feels a connection to this person whom they have never even met in person. Now at this point, the scammer shows some teeth, depending on the pretext.

A Few Common Romance Scam Pretexts:

  • A soldier serving overseas.
  • An entrepreneur or businessperson.
  • The “scammer’s doctor”, as they are now in hospital.

The scammer will start to ask for money. Let us take the business trip for this example. The victim will receive a message saying how the scammer has a big business meeting or deal that will make them wealthy and, of course, after this they will come and meet the victim. The only problem is <insert reason why they cannot pay the required amount here>, so they need some money to be able to get to the meeting.

Now this meeting will require a flight to justify the amount that they are asking for. Once the victim agrees, details are given as to how to make the payment.

At this point, most victims realise it is a scam, either right before paying or shortly after, once the scammer tries to ask for more. But that is not always the case, and some people end up losing thousands and thousands.

So why does it work? It is all about building and then abusing trust. The whole basis for the scam is to play on human nature. As humans we are inherently social creatures; we crave companionship and belonging, even more so given the global pandemic. With a romance scam, the social engineer is playing on those very traits, which most of us have. The scammer offers exactly what the victim is looking for and builds on the trust, only to abuse it when the moment is right.

How to spot one!

  • Inconsistent backstories.
  • Constant excuses as to why they cannot meet in person.
  • Will not answer video calls, or possibly even voice calls.
  • “Recently” taken images that do not quite match the weather in the place they were taken (a sunny morning in Paris during two weeks of heavy rain, for example).
  • Ultimately asking for money when you have never met in person.

These are some clear indicators to watch out for with romance scams. Personally, I find these the lowest of the low when it comes to Social Engineering attacks. It is something that damages the victim long term, beyond the financial loss.

Normally I want to sign these off with a thought-provoking statement but in this case, I want to just leave the link to a blog of romance scam victims. Stories of Romance Scams
