Email Security Blog

Scarlet Widow Breaks Hearts and Empties Wallets via Romance Scam Operations

Crane Hassold February 14, 2019 Cybercrime

With Valentine’s Day celebrated around the world, today is a day full of love and joy—especially for those in committed relationships. People around the globe are celebrating their relationships by sending flowers and chocolates, enjoying fancy dinners, and writing love notes in greeting cards. Unfortunately, not all relationships are legitimate, and not everyone sees today as a celebration of love.

In fact, the Agari Cyber Intelligence Division (ACID) has been tracking a Nigeria-based cybercriminal organization we’ve named Scarlet Widow since late 2017, and today we released a report their tactics, including how they target vulnerable populations via romance scams. To date, we have fully identified three Scarlet Widow actors who top the group’s hierarchy, all of whom currently reside in Nigeria. Through extensive research and analysis, we have been able to connect these primary actors to specific scams and personas.

Scarlet Widow creates these fake personas, including the very successful “Laura Cahill,” a supposed Texan model working in Paris, on large dating websites like March, eHarmony, and OKCupid. But what makes their model different than others is the fact that they also target more specialized relationship seekers on sites like Dating4Disabled.com, FarmersDatingSite.com, and DivorcedPeopleMeet.com. This is likely due to the fact that Scarlet Widow believes that these populations (individuals that are disabled, divorced, or live in rural areas) are more vulnerable, and thus easier to con out of money.

Once “Laura Cahill” or another one of their successful personas receives a response from someone, the scammer engages with the potential victim—talking about her faith in God and the importance of trust in a relationship.

Romance Scam Example Email

Eventually, Scarlet Widow sends an email asking for money, in this case, so Laura can leave her modeling position in Paris and travel back to the United States to meet the victim. Unfortunately, once victims send the money, Laura’s plans (unsurprisingly) fall through and she continues to come up with excuses for why they can never meet, all the while continuing to ask for money. Our report dives deep into one case study of a man named “Robert Blackwell,” who was conned out of more than $50,000 before Scarlet Widow stopped responding to his emails.

As Scarlet Widow became more advanced in their tactics, they eventually switched from romance scams to business email compromise—a move that resulted in additional money at a fraction of the time invested in the con. Later this month, we will be releasing a second report on Scarlet Widow that explores the group’s transition to BEC scams and how they launder their illicit proceeds through online services.

Learn more about how romance scams work by downloading Scarlet Widow: Breaking Hearts for Profit.

Leave a Reply

Your email will not be published. All fields are required.

February 5, 2019 Ronnie Tokazowski

BEC Actors Exploiting Gmail “Dot Accounts” for Fun and Profit

Crane Hassold is the Sr. Director of Threat Research at Agari, where he leads an…

December 6, 2018 Crane Hassold

How an Elite Counterintelligence Team Investigates BEC Scams Worldwide

Crane Hassold is the Sr. Director of Threat Research at Agari, where he leads an…

November 28, 2018 Crane Hassold

Why Just Play Defense Against Cybercriminals When You Can Do So Much More?

Crane Hassold is the Sr. Director of Threat Research at Agari, where he leads an…

February 22, 2018 John Wilson

Email Phishing Scam Continues to Target College Students

Crane Hassold is the Sr. Director of Threat Research at Agari, where he leads an…

February 2, 2018 Agari

Tax season is open – and W-2 scammers are back in force

Crane Hassold is the Sr. Director of Threat Research at Agari, where he leads an…

mobile image