Scammer of a Lonely Heart

It’s time for a risqué subject: looking for love on the internet. With myriad services promising chemistry-driven matches, dating game contestants have flocked to web services and apps. Despite this proliferation of new avenues, those in a particular rush to find company (in the form of ‘No Strings Attached’ encounters) have turned to a more familiar and less regulated referral service, Craigslist.

Unfortunately, the probability of communicating with another human being is astronomically low thanks to the high saturation of bots and spamming services. The fake listings are almost exclusively targeted at a male audience interested in immediate availability and promise multiple amenities for making fantasies come true. Upon responding to the listing, the user receives several staggered responses from different ‘women’ (including pictures) claiming that they’d like to meet, demanding pictures in return, and stating their less-than-demanding criteria for meeting up in person.

Bots eager to meet!

A cybercriminal’s motivation is almost exclusively monetary, and this is no exception. Tapping into the prudent fear of meeting someone off of the internet for a private interaction, the user is directed to a custom ‘verification site’ where they are given the opportunity to prove their age and good intentions… for a fee.

Preference: Bot4Male, not B4B

As if passing themselves off as eager women weren’t enough, the cybercriminals employ other social engineering tactics like claiming a variety of well-known safety and security certifications as well as mainstream media exposure.

Just because you read it on the internet doesn't make it true

Interestingly, while the spam emails are the same, the domains keep shutting down and being replaced by new ones, each designed with a similar template and registered under a whois privacy guarding service. These templates are being used for websites targeted at both U.S. and U.K. users.

As if paying 99 cents to arrange a non-existent meeting weren’t enough, there are reports that subsequent charges are made for embarrassing subscription services in amounts far surpassing the verification fee.

Knowing that these sorts of social engineering threats are best thwarted by the user’s judgment, Kaspersky Lab is committed to educating users to avoid high-risk situations. There are several red flags one should look out for in this situation:

  • Scams like these skirt the edge of acceptable online interactions by emulating legitimate resources like social networks, displaying fake indicators of trust like secure website logos, or even claiming mainstream acceptance through would-be endorsements from recognizable news channels.
  • Similarly, users should be wary of ‘bot behaviors’, as in the case of email correspondences where replies are not cogent and do not flow naturally.
  • Finally, while the allure of meeting new people for quick encounters may be enough for some to set their better judgment aside, providing credit card information should always be a red flag when dealing with little known services of questionable intent.

You can follow me on twitter: @juanandres_gs
