Sexy young women entice the unwary in Yahoo dating scam


Pictures used in dating scam

Ladonna, Lekisha, Solange, Maggie, Lorri, Clorinda, Estefana, the list goes on..

I'd like to thank all of you for your kind (unsolicited) offers to start a relationship.

I would *like* to thank you, but it turns out that you haven't just been suggesting some sexual hanky-panky to me, but - judging by our spam traps - to plenty of other internet users as well.

(Oh, and my wife might have some questions to ask about it too.)

Just take a look at some of the enticing subject lines we have seen whizzing across the internet in the last 24 hours or so..

Subject lines used in spam campaign

Here's how the emails typically read:

Hey,
My name is Clorinda. Shortly about myself – playful, wild and free.
I'm writing cuz I want to meet u man and I wanna meet u|think that u are hot and I would like to know more about u. Maybe it will be an interesting conversation and this is it, maybe it'll be interesting to have some closer relationships, who knows, right? Give it a try!
I would be really happy if you'll send me ur answer, ok?)

Here's another example:

Hello, it's Lavonia.
The reason why I'm writing it is simple: I'm looking for a man to spend my vacation with.
I love listening to music, dancing, watching action films, I also really enjoy skiing!

Oh yeah, I also enjoy sex. It'd be better to say that I fucking love it! I am pretty sure that u r not against sex, r u?)
It is so exciting for me and I really dunno what to expect from you) Please, write me back as soon as u can)

All the messages had JPGs attached, showing images of scantily-clad young women in suggestive poses. Here is just a handful of the photos that we saw attached to the emails:

Montage of some of the images used in spam campaign

The message headers look like those of normal Yahoo emails, but if you look carefully the Reply-To header does not point back to Yahoo.

From: Lavonia_xxxxxx <xxxxxxxxxxxxx@yahoo.com>
Reply-To: Lavonia_xxxxxx <xxxxxxx_xxxxxx@fastmail.fm>
Subject: You gotta see it!
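
The From/Reply-To mismatch shown above can be checked mechanically. The following is an added example, not code from the original post; the sample messages and their addresses are constructed, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (placeholder addresses, not from the campaign).
SAMPLES = {
    "mismatch": (
        "From: Lavonia <sender@yahoo.com>\n"
        "Reply-To: Lavonia <other@fastmail.fm>\n"
        "Subject: You gotta see it!\n\nHey\n"
    ),
    "same_domain": (
        "From: Alice <alice@yahoo.com>\n"
        "Reply-To: Alice <alice.replies@YAHOO.com>\n"
        "Subject: Lunch?\n\nHi\n"
    ),
    "no_reply_to": (
        "From: Bob <bob@example.org>\nSubject: Notes\n\nHi\n"
    ),
}

def _domains(msg, header):
    """Return the lower-cased domains of every address in a header."""
    out = set()
    for _name, addr in getaddresses(msg.get_all(header, [])):
        if "@" in addr:
            out.add(addr.rsplit("@", 1)[1].lower().rstrip("."))
    return out

def reply_to_mismatch(raw):
    """Return Reply-To domains that do not appear in From (empty set = no flag)."""
    msg = message_from_string(raw)
    return _domains(msg, "Reply-To") - _domains(msg, "From")

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        extra = reply_to_mismatch(raw)
        print(name, "FLAG" if extra else "ok", sorted(extra))
```

Mailing lists and support desks also set a Reply-To on a different domain, so a mismatch is better used as one scoring signal in a filter than as a verdict on its own.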

What is happening here?
The hackers have most likely harvested the images from social networking sites and other websites in an attempt to add a little colour to a rather common-or-garden dating scam.

They are also spoofing Yahoo email addresses in an attempt to add legitimacy to the messages.

Why are the messages being spammed out?

Well, normally the emails are just the first stage in an elaborate scheme to:

  • Trick you into handing over your personally identifiable information (PII) to allow for identity theft.
  • Trick you into wiring the nubile young female some money once the virtual romance has begun to blossom: "Can you pay for my plane tickets so I can visit you?" / "My elderly mother needs hospital treatment".
  • Recruit you into a money laundering operation. "Can you transfer some money for me from A to B?"

Don't be fooled into thinking that romance scams like this aren't much of a threat. In 2011 it was estimated that scams like this cost US victims $50 million, and such scams have even driven their victims to suicide in the past.

The motto for interacting with the internet should be "If it looks too good to be true, it probably is!"


11 Responses to Sexy young women entice the unwary in Yahoo dating scam

  1. Marco Ermini · 730 days ago

    You know you are a hacker when you get such emails and you start immediately to look at the header fields.... ;-)

    • Delta2 · 730 days ago

      You know you are a 'real' hacker when you sit quiet and look at all the wannabe hackers post stuff about what they do.

    • CRJEEA · 729 days ago

      You know you're a hacker when you go out looking for the ones asking you to transfer funds and then take their money.

      At the same time gathering all the information to take them off the internet for good.

  2. The_J · 730 days ago

    Nope, that's rather common sense today for people who regularly deal with computers.

    @ the images: Not necessarily from social networks. I recognize some of the girls, saw the images on other sites.

  3. Brett · 730 days ago

    I have received scores of these; and a common give-away is the fact that they have seen my 'profile' on a website, that I have never heard of!
    On a side note: As if I would reply to anyone that couldn't write a complete sentence in reasonable English.

  4. JMJ · 730 days ago

    Frankly and as a member of the X/Y-half of the species, I believe any guy over the age of twelve who gets caught up in such schemes deserves what he gets. Of course, this harsh judgement excludes those who are mentally infirm, recently released from long prison sentences and/or who honed their social skills exclusively in their parents' basements.

    It would be totally laughable except that, as the author notes, some get snagged so badly, they harm themselves or others.

    • VFAC · 729 days ago

      Be careful not to encourage people to blame the victim; nobody deserves to be taken advantage of by a criminal. The internet is full of people who are total newbies and have no idea about these kinds of scams. Some people think that only people send emails and that someone must know them to send them an email directly. There are also a lot of people who are honing their social skills in their parents' basements.

      The other victims of this are the girls who have had their personal pictures redistributed in a spam campaign. Can you imagine the horror of finding that a picture stolen from a hacked email account has been sent to millions of people all around the world with a note saying "I am looking for a man, and by the way I love skiing!".

      I encourage Web Ninjas such as yourself to help educate and make these scams unprofitable.

      • Gavin · 729 days ago

        I agree wholeheartedly, VFAC. This is an outstanding comment and truly gets to the heart of two issues:

        1) The blame belongs squarely with the criminals.

        2) Technically savvy people are not helping if they cannot understand the perspectives of the less technical or if they fail to educate in an understandable way.

  5. Ken · 730 days ago

    One of my favorites is where the sender tries to trigger memories in me that never happened. “I remember you from a chat room several years ago. You told me you’d like to meet me, but I wasn’t available, but hey, guess what? I am now, and I’m moving to the city you told me you live in. Isn’t that great?” (Except in the actual email, many of the words were misspelled or in “text speak.”) What are the odds that a recipient would say to himself, “Hmm, I DO remember her and I DO want to meet her. This is great.”

  6. Snert · 729 days ago

    I like to respond to these idiots once in a while just to lead them on. I had one going for three weeks before it caught on.
    I use crazy excuses when I get asked for money, like "My parents got married and I had to pay their fines." Or I ask them questions like "Do you like KY jelly on your peanut butter sandwiches?"
    I must have way too much time on my hands, but I figure if they're messin' with me they ain't messin' with you.

  7. Friendlypest · 728 days ago

    I have to say to some of you that if you have ever put a personal ad on a dating site, your profile does show up on other dating sites. Kind of sad that the scam artists are using dating sites to scam people. I had a profile on match.com and you could see it on several other dating sites. Sad but true. Never again, as most of the men or women on there were from Nigeria and posing as a US citizen and try to convince you they are visiting a family member and that they ended up sick and try to get you to wire them money. It is all a scam as far as I am concerned.


About the author

Paul O Baccas (aka pob) joined Sophos in 1997 after studying Engineering Science at Oxford University. After nearly 16 years, he has left Sophos for pastures new and will be writing as an independent malware researcher. Paul has published several papers, presented at several Virus Bulletins and was a technical editor for "AVIEN Malware Defense Guide". He has contributed to Virus Bulletin and is a frequent contributor to the NakedSecurity blog.