Phishing for Romance
Phishing is a form of social engineering in which an attacker, also known as a phisher, attempts to fraudulently obtain legitimate users’ private or sensitive credentials by mimicking electronic communications from a trustworthy or public organization in an automated fashion (Jakobsson, 2007). Phishing techniques circumvent an organization’s or individual’s security measures. They nullify firewalls, authentication software, and encryption because most “phishers” nowadays use social engineering to entice possible targets.
Attackers can use different phishing methods, ranging from simple phone phishing to website forgery.
The most commonly used method is e-mail. Attackers can send large amounts of e-mail by using botnets or zombie nets. They fill inboxes with fraudulent e-mails containing links that direct recipients to a phishing website.
Modified versions of this method have been seen throughout the years, and the profile of possible targets also changes. One version is the so-called Romance Scam. Victims receive an e-mail from an individual stating that he/she saw their account on a social network and proclaiming his/her “love”.
Men and women in their mid 40s to 70s who are separated or widowed are the most likely targets of this scam. Once contact is made, the primary goal of the “lover” is to build a rapport with the victim. He/she tells the victim that he/she is an engineer for a company, has a young daughter, and is currently based in London or California.
The “lover” sends countless love poems or letters, which are likely copied and pasted, to the victim professing his/her eternal love. Once the victim is groomed, the “lover” pitches that he/she wants to marry the victim and promises to send money to buy their dream house.
Victims are subjected to an ecstatic feeling of joy that overrides their common sense.
Now that the victim is “hooked”, the scam artist creates a story about how the victim can receive the promised money.
The victim is told that an e-mail from a bank will arrive containing a transaction slip that the victim needs to process and sign.
The transaction slip is almost a true copy of a real one but with some modifications, including a part where the victim needs to indicate the CVN/PIN number of his/her credit card or bank account. The victim’s signature is also required, and once the scam artist receives the slip, the account or credit card is used fraudulently to purchase items.
This is a good example of how emotions can contribute to the success of fraudulent activities. It is only human to commit errors, but that is no reason not to be vigilant. To prevent this, users should practice better judgment and not fall for false pretenses.
The technically savvy should not dismiss the fact that technology is also a factor. A lack of information, or outdated information, greatly contributes to this issue. Developers must go beyond blaming users if they expect to deploy effective countermeasures against phishing attacks (Hong, 2012).
Tell Tale Signs of a Romance Scam
- Indication that your profile was seen on a social website
- Attackers proclaim their “love” the minute you answer their e-mails
- An appealing introduction, such as an engineer for a petroleum company, a widowed architect, or a businessman traveling from country to country, followed by the heartwarming indication that his/her spouse has died in an accident, leaving a young daughter
- Asking about personal information regarding bank accounts, credit cards and other monetary information
- Asking for monetary assistance for certain circumstances, like being held at the airport by customs officials or a tax that needs to be paid on a luxury item
- Promising ridiculous amounts of money to the victim
- When chatting with the scammer, his accent is clearly not that of his stated birthplace
References
- Jakobsson, M. and Myers, S. (2007) “Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft”, John Wiley & Sons Inc.
- Hong, J. (2012) “The State of Phishing Attacks”, Communications of the ACM, Vol. 55 No. 1, Pages 74-81
CTO at ITweetLive.com