Email Security Blog

Scarlet Widow Breaks Hearts and Empties Wallets via Romance Scam Operations

Crane Hassold February 14, 2019 Cybercrime

With Valentine’s Day celebrated around the world, today is a day full of love and joy—especially for those in committed relationships. People around the globe are celebrating their relationships by sending flowers and chocolates, enjoying fancy dinners, and writing love notes in greeting cards. Unfortunately, not all relationships are legitimate, and not everyone sees today as a celebration of love.

In fact, the Agari Cyber Intelligence Division (ACID) has been tracking a Nigeria-based cybercriminal organization we’ve named Scarlet Widow since late 2017, and today we released a report their tactics, including how they target vulnerable populations via romance scams. To date, we have fully identified three Scarlet Widow actors who top the group’s hierarchy, all of whom currently reside in Nigeria. Through extensive research and analysis, we have been able to connect these primary actors to specific scams and personas.

Scarlet Widow creates these fake personas, including the very successful “Laura Cahill,” a supposed Texan model working in Paris, on large dating websites like March, eHarmony, and OKCupid. But what makes their model different than others is the fact that they also target more specialized relationship seekers on sites like,, and This is likely due to the fact that Scarlet Widow believes that these populations (individuals that are disabled, divorced, or live in rural areas) are more vulnerable, and thus easier to con out of money.

Once “Laura Cahill” or another one of their successful personas receives a response from someone, the scammer engages with the potential victim—talking about her faith in God and the importance of trust in a relationship.
Romance Scam Example Email

Eventually, Scarlet Widow sends an email asking for money, in this case, so Laura can leave her modeling position in Paris and travel back to the United States to meet the victim. Unfortunately, once victims send the money, Laura’s plans (unsurprisingly) fall through and she continues to come up with excuses for why they can never meet, all the while continuing to ask for money. Our report dives deep into one case study of a man named “Robert Blackwell,” who was conned out of more than $50,000 before Scarlet Widow stopped responding to his emails.

As Scarlet Widow became more advanced in their tactics, they eventually switched from romance scams to business email compromise—a move that resulted in additional money at a fraction of the time invested in the con. Later this month, we will be releasing a second report on Scarlet Widow that explores the group’s transition to BEC scams and how they launder their illicit proceeds through online services.

Learn more about how romance scams work by downloading Scarlet Widow: Breaking Hearts for Profit.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

June 5, 2019 Crane Hassold

From One to Many: Scattered Canary Evolves from One-Man Startup to BEC Enterprise

There is no denying that business email compromise (BEC) is big business, with losses exceeding…

Agari Blog Image

April 25, 2019 Crane Hassold

Bitcoin: The Next Evolution in BEC Cash Out Methods?

Historically, business email compromise (BEC) threat actors have used wire transfers as a means to…

Agari Blog Image

April 18, 2019 Ronnie Tokazowski

Do You Know Where Your W-2 Is? Probably Where You Left It

It’s like clockwork. Every year around tax time security vendors (even us!) push out warnings…

Agari Blog Image

April 4, 2019 Crane Hassold

Evolving Tactics: London Blue Starts Spoofing Target Domains

In December, the Agari Cyber Intelligence Division (ACID) published a report on a business email…

Agari Blog Image

March 27, 2019 Ronnie Tokazowski

Why iTunes? A Look into Gift Cards as an Emerging BEC Cash Out Method

One of the trends that has been slowly creeping up across the BEC threat landscape…

mobile image