Twitter and Romance Scams

This article should take around 3 minutes 8 seconds to read.

Twitter has a problem with romance scams (a variant of the famous 419 scams) especially romance scams targeting female users, and I thought I’d use my latest scammer to look into the issue.

As you can see “Richard” here is following 170 people and has never tweeted.

As may not be surprising, everyone “Richard” follows appears to be a women

But what is interesting is so many of us appear to be based in Scotland / political. I’m guessing that “Richard” doesn’t really care which women he follows, they are just hoping that enough of us fall for him and give him money.
So why is their such a cluster of Scottish political women they are following? My guess is they started with a single woman and followed all the women that profile was following/follows since people interested in similar topics this tactic is likely to form a group of women with similar interests.

Not only does “Richard” not follow and men (or NB people) they only one guy follows them…

Yoann, “Richard”‘s only male friend

Yoann, hasn’t tweeted much, but he does have an Instagram account

Sadly my browser doesn’t render the emojis well, but he claimes to be a 15-year-old male model from the Ivory Coast. he also has a second Instagram account

On his Twitter bio Yoann claims to come from Abidjan, Côte d’Ivoire
Is this 15 year old kid, the scammer behind “Richard” who knows but I’ve reached out to him for comment.

Continue Reading

How much do sextortionist’s make?

A close-up of a women with her finger on her lips
This article should take around 2 minutes 11 seconds to read.

Wikipedia defines Sextortion, as

a form of sexual exploitation that employs non-physical forms of coercion to extort money or sexual favors from the victim. Sextortion refers to the broad category of sexual exploitation in which abuse of power is the means of coercion, as well as to the category of sexual exploitation in which threatened release of sexual images or information is the means of coercion.

Just under a year ago spammers started to send sextortion emails such as the ones highlighted by Sophos and Brian Krebs
Since I’m still getting theses email into my honeypot I thought I check to see just how much theses scammers made.
Bitcoin wallets allow you to generate addresses on the fly so in theory each email could have a unique address however a quick check on the latest spammer I got has two reports in the Bitcoin Abuse Database since neither of theses reports are from me at least three people received emails with the same address, it is therefore likely that each run of emails has it’s own address.

So how much has our scammer made?
The original address highlighted in Brian Krebs report shows a single payment of 0.28847409 BTC (About $1,522.34 USD) The address this payment was sent to also received 4 other payments into it, two of them where for smaller amount and therefore don’t look like additional runs. therefore their are three sextortion runs from this scammer earning them a total of a round $4,000. A tidy sum for a few hours work.

That however was the first sextortion scammer. checking back on the bitcoin addresses used in emails previously sent to me, I’ve failed to find a single one that has been paid anything.
Clearly like much else if you have a “good” idea and are able to capitalise on it on it you can make some cash, however for most scammers you make nothing, and risk a long prison sentence.

Continue Reading

Chinese spam – a source of eternal amusement.

This article should take around 1 minutes 46 seconds to read.
One of my spam black holes does nothing but pick up Chinese spam.

None of it ever has links in it so I don’t normally do anything with it however sometimes when I feel like being confused I run it through Google Translate.

Apparently, the blue text in this message reads

Support text <quiet edge sound> word and language <rock stone wear empty> sound chat <evoke two clear Qing dynasty> day mode <蓦山溪>, the highest <驿外断桥边> can <tear marks residual> get 58<白鹤 江入京>8电<凡九阕>子游<卮酒向人时时>Art<近中秋>15<年年年为花愁>重<不卷卷幕人>曲,巨 <杯再拜> cost-effective . <正目断>Company’s entry into the <Jun Watch> section no <Qingmen are scrap> upper limit

This is not some Chinese fortune cookie spam but down to hidden elements within the text, the original text doesn’t contain any “< >” characters yet the translated text does

Looking at the HTML of the message confirms this.

Removing the “< >” from the input text give a much more sensible translation.

Support text and voice chat mode, up to 588 electronic entertainment 15 songs, huge cost-effective. No deposit limit for company deposit

Still no links etc. but at least I know what it’s about.

Continue Reading