Email Security Blog

Scarlet Widow Breaks Hearts and Empties Wallets via Romance Scam Operations

Crane Hassold February 14, 2019 Cybercrime

With Valentine’s Day celebrated around the world, today is a day full of love and joy—especially for those in committed relationships. People around the globe are celebrating their relationships by sending flowers and chocolates, enjoying fancy dinners, and writing love notes in greeting cards. Unfortunately, not all relationships are legitimate, and not everyone sees today as a celebration of love.

In fact, the Agari Cyber Intelligence Division (ACID) has been tracking a Nigeria-based cybercriminal organization we’ve named Scarlet Widow since late 2017, and today we released a report their tactics, including how they target vulnerable populations via romance scams. To date, we have fully identified three Scarlet Widow actors who top the group’s hierarchy, all of whom currently reside in Nigeria. Through extensive research and analysis, we have been able to connect these primary actors to specific scams and personas.

Scarlet Widow creates these fake personas, including the very successful “Laura Cahill,” a supposed Texan model working in Paris, on large dating websites like March, eHarmony, and OKCupid. But what makes their model different than others is the fact that they also target more specialized relationship seekers on sites like Dating4Disabled.com, FarmersDatingSite.com, and DivorcedPeopleMeet.com. This is likely due to the fact that Scarlet Widow believes that these populations (individuals that are disabled, divorced, or live in rural areas) are more vulnerable, and thus easier to con out of money.

Once “Laura Cahill” or another one of their successful personas receives a response from someone, the scammer engages with the potential victim—talking about her faith in God and the importance of trust in a relationship.
Romance Scam Example Email

Eventually, Scarlet Widow sends an email asking for money, in this case, so Laura can leave her modeling position in Paris and travel back to the United States to meet the victim. Unfortunately, once victims send the money, Laura’s plans (unsurprisingly) fall through and she continues to come up with excuses for why they can never meet, all the while continuing to ask for money. Our report dives deep into one case study of a man named “Robert Blackwell,” who was conned out of more than $50,000 before Scarlet Widow stopped responding to his emails.

As Scarlet Widow became more advanced in their tactics, they eventually switched from romance scams to business email compromise—a move that resulted in additional money at a fraction of the time invested in the con. Later this month, we will be releasing a second report on Scarlet Widow that explores the group’s transition to BEC scams and how they launder their illicit proceeds through online services.

Learn more about how romance scams work by downloading Scarlet Widow: Breaking Hearts for Profit.

Agari Blog Image

December 16, 2021 John Wilson

Common Phishing Email Attacks | Examples & Descriptions

What does a phishing email look like? We've compiled phishing email examples to help show…

Agari Blog Image

December 8, 2021 John Wilson

What Is Email Phishing? [How to Protect Your Enterprise]

Phishing emails can steal sensitive data and cost companies' reputation. However, protecting a company from…

Envelope with skull and cross-bones

December 1, 2021 John Wilson

Identifying and Mitigating Email Threats

Email  threats are ever evolving, and it’s important to stay up to date. Here are…

Woman-shopping on cell phone

November 30, 2021 Mike Jones

It’s the Most Wonderful Time of the Year… for Cybercriminals

The holiday season is upon us, which means it’s also the busiest time of the…

Combination lock with security badge showing locked

October 28, 2021 John Wilson

Email Protection: Tools for Maximum Security

If you haven’t protected your email yet, you’re open to attacks. This comprehensive guide explains…

mobile image