Scammer of a Lonely Heart

It’s time for a risqué subject: looking for love on the internet. With a myriad services promising chemistry-driven matches, dating game contestants have flocked to web services and apps. Despite this proliferation of new avenues, those in a particular rush to find company (in the form of ‘No Strings Attached’ encounters) have turned to a more familiar and less regulated referral service, Craigslist.

Unfortunately, the probabilities of communicating with another human being are astronomically low thanks to the high saturation of bots and spamming services. The fake listings are almost exclusively targeted at a male audience interested in immediate availability and promise a multiple amenities for making fantasies come true. Upon responding to the listing, the user receives several staggered responses from different ‘women’ (including pictures) claiming that they’d like to meet, demanding pictures in return, and stating their less-than-demanding criteria for meeting up in person.

Bots eager to meet!
Bots eager to meet!

A cybercriminal’s motivation is almost exclusively monetary and this is no exception. Tapping into theprudent fear of meeting someone off of the internet for a private interaction, the user is directed to a custom ‘verification site’ where they are given the opportunity to prove their age and good intentions… for a fee.

Preference: Bot4Male, not B4B
Preference: Bot4Male, not B4B

As if passing themselves off as eager women weren’t enough, the cybercriminals employ other social engineering tactics like claiming a variety of well-known safety and security certifications as well as mainstream media exposure.

Just because you read it on the internet doesn't make it true
Just because you read it on the internet doesn’t make it true

Interestingly, while the spam emails are the same, the domains keep shutting down and being replaced by new ones, each designed with a similar template and registered under a whois privacy guarding service. These templates are being used for websites targeted at both U.S. and U.K. users.

As if paying 99 cents to arrange a non-existent meeting weren’t enough, there are reports that subsequent charges are made for embarrassing subscription services in amounts far surpassing the verification fee.

Knowing that these sorts of social engineering threats are best thwarted by the user’s judgment, Kaspersky Lab is committed to educating users to avoid high risk situations. There are several red flags one should look out for in this situation:

  • Scams like these skirt the edge of acceptable online interactions by emulating legitimate resources like social networks, displaying fake indicators of trust like secure website logos, or even claiming mainstream acceptance through would-be endorsements from recognizable news channels.
  • Similarly, users should be wary of ‘bot behaviors’, as in the case of email correspondences where replies are not cogent and do not flow naturally.
  • Finally, while the allure of meeting new people for quick encounters may be enough for some to set their better judgment aside, providing credit card information should always be a red flag when dealing with little known services of questionable intent.

You can follow me on twitter: @juanandres_gs

Scammer of a Lonely Heart

Your email address will not be published. Required fields are marked *



Focus on DroxiDat/SystemBC

An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.

APT trends report Q2 2023

This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023.

Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

Subscribe to our weekly e-mails

The hottest research right in your inbox