While much of the high-profile cybersecurity news of the past few years has involved state sponsors like Russia and North Korea, American individuals and businesses are far more likely to be targeted by West African crime groups. These groups, which frequently hail from Nigeria, account for a significant majority of the social engineering-based cyber attacks that American businesses encounter on a daily basis. In fact, previous Agari research indicates that 90 percent of business email compromise (BEC) groups operate out of Nigeria.
Scarlet Widow is a Nigeria-based cybercriminal organization that has been in operation since at least 2015. Over the past four years, the group has continuously evolved its methods, testing new types of fraud and moving to more lucrative scams.
To date, we have fully identified three Scarlet Widow actors who top the group’s hierarchy, all of whom currently reside in Nigeria. Through extensive research and analysis, we have been able to connect these primary actors to specific scams and personas. The second report on Scarlet Widow, which we will release in late February 2019, covers more about the group’s members and structure, their transition to BEC attacks, and how they launder their fraudulent proceeds.
Each one is an alluring romantic partner—attractive, sensitive, and eager to find a life partner. Each one is also a fraud, custom-crafted to fill a gap in the life of a lonely heart, pry open their bank accounts, and heartlessly bleed them of every dollar they have—and then some.
The fake profiles, posted on a wide range of dating sites, include a photo of a handsome man or a beautiful woman scraped from social media sites. Many have a back story of loss or hardship endured—a parent who died young or a boyfriend caught cheating. Yet their faith in true love is undiminished.
From the scam artists targeting the elderly to taxi drivers conning foreigners arriving at an international airport, criminals tend to target the vulnerable. Scarlet Widow finds many of its victims by seeking out lonely people with limited options: older divorced people, farmers, and the disabled, to name a few.
They string their victims along for months or even years, always finding a new reason to request money, always finding an excuse for being unable to meet in person. Families and friends of the victims are often the first to realize what is going on and warn the victims. But by this point, the victims are often too emotionally invested in the imaginary relationship to see the truth.
While it’s true that con men have been exploiting human psychology since the dawn of time, the digital age has made their schemes easier and far more lucrative. As a result, romance scams that may have once been the stock-in-trade of lone cads and scoundrels are increasingly carried out by organized cybercriminal operations—mostly based in Nigeria, Ghana, England, and Canada.
Leveraging proven social engineering techniques, these fraudsters nurture emotional bonds with their prey, first via social media or dating sites, and later by email. It’s just a matter of time before these counterfeit Romeos begin conning their victims out of money—and sometimes into a life of crime.
Though the BBB estimates losses approaching $1 billion since 2015, exact figures on the financial damage that stems from these schemes are hard to come by, since the vast majority of incidents go unreported.
In the United States, these attacks primarily target women over 40, who also suffer the highest losses from these rackets, at nearly $70 million last year. According to support group RomanceScams.org, the average loss per victim is $12,000. But some lose much more, like the recent case of a Houston woman in her 50s, who the FBI reports lost her entire $2 million life savings to the con artist she believed she loved.
Within Scarlet Widow itself, members of the group created dozens of fake profiles on a variety of dating sites. While they hit popular dating sites like Match, eHarmony, and OkCupid, the group also targeted relationship seekers on more specialized sites, such as Dating4Disabled.com, Farmers Dating Site, and DivorcedPeopleMeet.com. Farmers in rural areas and people with disabilities are at higher risk of isolation and loneliness, making them especially vulnerable targets.
Religion is a major theme that is injected into most of these emails and, based on observations of the group’s successful romance scams, it is clearly an area the group actively tries to exploit. Raising religion is likely one way to test a victim’s willingness to fall for the scam, and a way to build connection and trust with religious-minded victims.