Email Security Blog

Scarlet Widow Breaks Hearts and Empties Wallets via Romance Scam Operations

Crane Hassold February 14, 2019 Cybercrime

With Valentine’s Day celebrated around the world, today is a day full of love and joy—especially for those in committed relationships. People around the globe are celebrating their relationships by sending flowers and chocolates, enjoying fancy dinners, and writing love notes in greeting cards. Unfortunately, not all relationships are legitimate, and not everyone sees today as a celebration of love.

In fact, the Agari Cyber Intelligence Division (ACID) has been tracking a Nigeria-based cybercriminal organization we’ve named Scarlet Widow since late 2017, and today we released a report their tactics, including how they target vulnerable populations via romance scams. To date, we have fully identified three Scarlet Widow actors who top the group’s hierarchy, all of whom currently reside in Nigeria. Through extensive research and analysis, we have been able to connect these primary actors to specific scams and personas.

Scarlet Widow creates these fake personas, including the very successful “Laura Cahill,” a supposed Texan model working in Paris, on large dating websites like March, eHarmony, and OKCupid. But what makes their model different than others is the fact that they also target more specialized relationship seekers on sites like Dating4Disabled.com, FarmersDatingSite.com, and DivorcedPeopleMeet.com. This is likely due to the fact that Scarlet Widow believes that these populations (individuals that are disabled, divorced, or live in rural areas) are more vulnerable, and thus easier to con out of money.

Once “Laura Cahill” or another one of their successful personas receives a response from someone, the scammer engages with the potential victim—talking about her faith in God and the importance of trust in a relationship.
Romance Scam Example Email

Eventually, Scarlet Widow sends an email asking for money, in this case, so Laura can leave her modeling position in Paris and travel back to the United States to meet the victim. Unfortunately, once victims send the money, Laura’s plans (unsurprisingly) fall through and she continues to come up with excuses for why they can never meet, all the while continuing to ask for money. Our report dives deep into one case study of a man named “Robert Blackwell,” who was conned out of more than $50,000 before Scarlet Widow stopped responding to his emails.

As Scarlet Widow became more advanced in their tactics, they eventually switched from romance scams to business email compromise—a move that resulted in additional money at a fraction of the time invested in the con. Later this month, we will be releasing a second report on Scarlet Widow that explores the group’s transition to BEC scams and how they launder their illicit proceeds through online services.

Learn more about how romance scams work by downloading Scarlet Widow: Breaking Hearts for Profit.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

August 13, 2019 Crane Hassold

The “I’s” Have It: How BEC Scammers Validate New Targets with Blank Emails

Have you ever received a blank email from someone you don’t know? If you have,…

Agari Blog Image

July 23, 2019 James Linton

Weaponizing Accounts Receivable: How Scammers Use Aging Reports to Target Your Customers

Receipts and invoices—two accounting powerhouses that require little introduction. But step a little further into…

Agari Blog Image

July 10, 2019 Ronnie Tokazowski

‘Til Death Do Us Part… Romance Scams and the BEC Game

When we think of business email compromise (BEC), the first thing that comes to mind…

Agari Blog Image

June 5, 2019 Crane Hassold

From One to Many: Scattered Canary Evolves from One-Man Startup to BEC Enterprise

There is no denying that business email compromise (BEC) is big business, with losses exceeding…

Agari Blog Image

April 25, 2019 Crane Hassold

Bitcoin: The Next Evolution in BEC Cash Out Methods?

Historically, business email compromise (BEC) threat actors have used wire transfers as a means to…

mobile image