cybersecurity

3834 readers

122 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

[email protected]

[Social Engineering] My Scammer Girlfriend: Baiting A Romance Fraudster. (www.bentasker.co.uk)

submitted 3 days ago by Tea to c/[email protected]

4 comments fedilink hide all child comments

At the beginning of the year, a spate of very similar mails appeared in my spam-box. Although originating from different addresses (and sent to different recipients), they all appeared to be the opener for the same romance scam campaign.

Romance fraud is increasingly common and campaigns can extort large sums from victims, who are often quite vulnerable and lonely.

If you found this page because you think that you might be being targeted, speak to Crimestoppers or Action Fraud.

When stories of romance fraud hit the news, we often hear that the victim had become extremely attached to the scammer, but very little on how they got engineered into that position.

At it's heart, romance fraud relies on social engineering and I was curious to see what techniques were actually being used. I'm no particular stranger to scam baiting, so I decided to masquerade as a mark and see how the campaign was run (as well as what, if anything, I could engineer out of the fraudster).

The emails that I'd received were all associated with one persona: "Aidana", who claimed to be a dentist in Kazakhstan.

This post analyses the scammers approach, systems and material, sharing some of what I was able to learn over the course of a few weeks of back and forth.

top 4 comments

sorted by: hot top controversial new old

[–] [email protected] 10 points 2 days ago

And again, a word of caution: leave the baiting to the professionals. It can be really easy to accidentally drop your opsec, and these people are usually being managed by organized crime syndicates that can have more reach than you’d expect.

[–] [email protected] 6 points 3 days ago (1 children)

Really good read. Worth it for anyone with the time to devote to a long post

[–] [email protected] 6 points 3 days ago

Agreed!

Not the first time I've read through one of these scam-baiting articles and I'm sure it won't be the last. It's quite fascinating how they work.

[–] [email protected] 2 points 2 days ago

I wonder if it would work to do this, except instead of scamming, gradually substitute your messages with those of another target, so ultimately they get set up with each other for real