Today I received a request from a Polish woman that I know. She wanted my advice about an email that she had received from some guy she didn’t know. She was about to respond to it but, knowing that I write on security matters, she decided to check with me first. Luckily for her, she did. When I read the forwarded email, it was clear at once that she had received a romance scam letter. But why had she almost responded? What elements did the writer use to lure her in?
I have written about these scams in the past (Phishing with Naked Women and Romantic Lures), and have categorized them as something I call salmon phishing. This is a type of email phishing that targets basic human instincts and needs. They appeal to greed, power, sex, love/romance, and sympathy. As such, they manage to bypass the logic filter, just as a salmon won’t listen to logic when he is about to head upriver to spawn and die. That’s what makes these email scams so powerful and, potentially, dangerous to companies and organizations. Almost everyone knows the emails are scams, but they can’t seem to stop the hope that they are not. A properly designed letter could compromise a company in the same way any other phishing scam could. It would just use a more deadly angle.
Anyway, here is the letter my friend received. You will probably see through it right away as I did, but that’s easy for us to say. We were not its target. Later, I will analyze the letter in more detail.
Derrick Hayes <firstname.lastname@example.org>
Thanks for your quick response,I’m Derrick James Hayes,a USA Army Officer am a faithful person have one son called Mike i lost my parents at the age of 12 in a plane crash.so i don’t have any family expect my son am the Warrant Offices in the army .i have been in the army for the past 27 years and will be coming home by the end of next month as am ready to retired when i come home,At the moment i don’t have any plans for the future yet when i retire but looking forward to have a woman with a caring heart to spend the rest of my life together with. I’m am serious with what ever i do and i don’t play games..Take care and i will be waiting for your response
First of all, if anyone happens to know this poor guy, will you please tell him his pictures are being used by a number of these scammers? Several other photos of him that I found lead me to conclude that his webcam may have been compromised. In addition, his head is often Photo Shopped (badly) onto other images. He is often seen in a military uniform.
Now, the first question I asked was, why did the scammer target a Polish woman? How did he know she even spoke English? This is not clear from her Facebook site, which is primarily in Polish. I did not ask her, but she may have posted some personal information elsewhere in English, such as on a dating site.
After looking into this further, I found that targeting nonnative English speakers is becoming more common. It could be because it has become well known among these scammers that they are often exposed by their use of English. Targeting a nonnative speaker may make their errors less obvious. It certainly triggered no warnings in the woman who got this email.
Here is a closer look at some of the blunders that gave him away and some of the approaches that almost succeeded.
1. Hello J***
Actually, this is her family name. Of course, even an American could be confused. It is not the first name she uses on her Facebook account but it does form the main part of her email address. It’s possible she uses this as a nickname on some other site.
2. Thanks for your quick response
Response to what? There never was an initial letter from her, but this is common in these letters. They start off acting like they already know you.
3. no spaces after punctuation
Common in these letters.
4. I’m Derrick James Hayes,a USA Army Officer am a faithful person have one son called Mike
Here’s where a native speaker would definitely see the red flags go up. USA Army Officer? Notice the lack of the pronoun, ‘I’ before am, a very common tipoff that this is from a Ghanaian scammer. These scammers are always “faithful”. Oddly, he has a son called Mike, which is the same name as the woman’s son. Did he do his research well or was he just lucky? In any event, this establishes some commonality, a bond: see how much alike we are? He was in the military and such men, especially those that are retiring, seem like a good catch for most women.
5. i lost
Very common not to capitalize ‘I’
6. i lost my parents at the age of 12 in a plane crash.so i don’t have any family expect my son
I think he meant, ‘except’, but it may be taken for a typo by a native speaker. In other emails under other identities, he has never corrected this error. The key here is that he’s trying the sympathy angle, which would definitely work on this woman. Other studies have found that women are more sympathetic than men. However, she may ask, where is your wife? More on this later.
7. i have been in the army for the past 27 years and will be coming home by the end of next month as am ready to retired when i come home,
This is the sentence that actually enabled me to track him down. He uses it with all his stolen identities. I don’t need to point out the stylistic problems, but even a native-English-speaking woman may ignore this because it is overridden by the sympathy element of the previous sentence. That’s the point with these scams and with romance in general. We are willing to overlook things we may not normally overlook. One woman on the romancescam.com website said that she knew it was a scam, but when the scammer asked for $40 for groceries for his son, she sent him the money. You figure it out. Anyway, I should point out that there is a similar website, romancescams.com (notice the plural) which seems more like a scam itself.
8. At the moment i don’t have any plans for the future yet when i retire but looking forward to have a woman with a caring heart to spend the rest of my life together with
Again, by this point the woman will ignore the grammar and odd vocabulary collocations. They seem always to be looking for “a woman with a caring heart” and, to set the romantic hook, “to spend the rest of my life together with”. He probably found that my friend was a single woman, in her 40s with a child. This is the profile of the kind of women that these pathetic scammers try to take advantage of. If the woman is a widow, they may include a sentence saying that they, too, lost their partner. This is usually from breast cancer but occasionally it is more dramatic, like in a car crash. Again, the idea is to build a common bond. They know most of these women are dreaming of finding a sensible, dependable man who is looking for a life partner.
9. I’m am serious with what ever i do and i don’t play games..
They must have picked up this phrase from dating sites. They never play games. Most women over 40 want serious men.
Scammers will often go through the trouble of setting up false Facebook and dating site accounts with the pictures that they sent the victim. Links to these sites are often included in the email. These sites disappear as soon as they hook the victim or if they get caught. Some victims find that the IP address of the scammer originates in the same region they are in. This leads them to wrongly conclude that the scammer can be trusted when, in truth, this can be arranged through a proxy server. These morons took a very long time to learn that their IP addresses can be traced. In fact, these guys seem to take a lot of time to learn anything. Many websites tell victims how to recognize scammers, but the scammers keep on doing the same things over and over. Sadly, they still succeed enough to keep them going.
As I researched the scammer that contacted my friend, I saw that she had received the more condensed version of the letter. His other letters go on at some length. Here are some other things he often adds.
I lost my wife 9 years ago and since then I’ve been living alone with my so she had a terrible accident that toke away her life and made me lonely in the World of Love.
My goal of dream in life is to find the one who will be with me and love forever and ever.I dislike lairs and disrespected people.I also like to meet a woman that is faithful and respectful.Am caring Loving Honest and also Understanding.
My rank is WO4 My military education includes the United States Military Academy (U.S.M.A) at West Point New York (Class=of 1977)=3B Infantry Officer Basic and Advanced courses Armed Forces Staff College and a U.S. Army War College Senior Fellowship at the Hoover Institution Michigan University.
Unfortunately, added to his bad grammar skills, he clearly has no mathematical ability. He’s been in the army for 27 years but graduated in 1977.
we are not allow to use cam and =phones in the camp for security reasons
In other words, we can chat in text only without video or voice.
Do you like to play with the heart of a man?
As in tennis or croquet?
So who are these guys? Well, they’re all not guys, for one thing. There are also female scammers, although they are fewer in number. Both male and female scammers pretend to be either male or female. Many of them have been tracked down because they were stupid enough to give out actual information about themselves that allowed victims to track them. We do have actual pictures of them and of who they claim they are. You can find that information here. You will see that they often try posing as gangster tough guys, often dangling gold chains, or, my favorites, covered in money. Below is a picture of the guy who probably scammed my friend. Even if my conclusion is wrong, the guy is a known scammer so I don’t think I’ll ruin his reputation much.
Then there’s the guy who tried to pass off George Clooney’s photo as a man looking for the right woman. You can imagine how excited the woman was when “George” told her that he wanted “a kind of woman like you in my life a woman like an angel believe me when i tell you,you are so cute so sweet looking so gorgeous so sexy to ignore have you been told that before please tell me more of your gorgeous self”. For laughs, the woman went along with the scam for a while. You can see this sometimes hilarious exchange here. Alas, George has apparently fallen on bad times and is now working on construction projects in Nigeria.
Despite the amateurish nature of these scams, they continue to work. That should be worrying because someday, someone is going to realize that these have the potential to do more than extract money from lonely men and women. When I received the forwarded letter, I was nervous about clicking on any links or photos. Then I realized I was not dealing with hackers but scammers. But couldn’t a hacker exploit this angle to get into your network? It would be more like a social engineering attack with an emotional hook. This could be a deadly combination. I’d just like to point out that there is a whole frontier out there with more dangers than we can conceive of at the present time. This is just a heads-up to keep your eyes open for the day that phishing and spear phishing scams take on this new emotional dimension. The bad news is that I can’t suggest a way for humans to stop being human anymore than I could tell a salmon not to be a salmon.
No matter what the phishing scam and what the weakness of your employees may be, you would never have to worry if your devices had dual operating systems that were separated at the hardware level. Contact InZero Systems (Email: email@example.com) to set up such a secure system in your company or organization.