Exposing African Romance / Dating Scams

The business mantra for today is outsourcing. It’s a business strategy to outsource jobs; that’s what keeps the balance sheet looking smart. It also helps in focusing on what churns money, search for new avenues and eventually extend business boundaries. And if you think this is a First World phenomenon, you need to think again.

Outsourcing has crossed those boundaries too. And in the domain of unwanted dating attacks this practice is light years ahead. Now, it’s not just a global village story; it has gone beyond to the ‘the girl next door’!

From a deeper perspective spammers are well aware of the affinity of some to cheat and have extramarital affairs. Using this as a bait, they have formed an organized cartel to plunder this opportunity. Now this is not just an Ashley Madison saga. It’s much more!

Seems puzzling? Let me explain these nuances to you.

Below are a set of messages sent over a specific period of time to a select set of recipients. They were intercepted by the filters on AdaptiveMobile’s Network Protection Platform (NPP) and marked as spam – thus being blocked from reaching its destination.

  • a great friendship comes with a sign, this message is a sign you need, show me that you are my special one +677957XXXX @
  • Hi baby, i really need a vacation, i am thinking that your country would be a great destination, what do you think? +677957XXXX
  • I have such a terrible day today!!! Can you pls call me to make me feel better? 🙁 +38160791XXXX
  • u and you alone your love is the kind of love that no one can chage me out of it thank u your LOVELY LI026216XXXX
  • You fill my heart with love and my life with happiness! i miss you baby +38160791XXXX @
  • Its so cold today, i need you to warm me +3554249XXXX
  • Baby, you are my only one, i need an advice +677957XXXX
  • Its so cold today, i need you to warm me +23722225XXXX
  • Avoir un ami comme toi, c?est une vraie chance dans ma vie. +509281XXXX
  • En amour, il y en a toujours un qui souffre et l’autre qui s’ennuie. Moi je souffre. Appelles moi: +5092817XXXX
  • Je suis libre et j?attends amicalement un coup de fil. +5092817XXXX
  • La bonte en parole amene la confiance.La bonte en pensee amene la profondeur.La bonte en donnant amene l’amour. appelez: +5092817XXXX


Map showing countries targeted with African romance scams

Figure 1: Target country and affected geographies

These messages were targeted for English and French speaking African countries (as highlighted in the map) and were sent from a range of mobile numbers to a targeted African audience. Given our analysis, we determined the sending numbers originated in the US, Eastern Europe, Haiti and the Solomon Islands.

Keeping a careful watch on the content of the messages and the sender’s mobile numbers helped us understand and anticipate their behavioural patterns. The modus operandi seems to be aimed at eliciting a response from the receiver – just one phone call would be sufficient to entangle the end user. After all, that is what a bait is meant for!

Map of Africa showing the disconnect country to which the end user is redirected when they respnd to SMS romance scam

Figure 2: The disconnect country to which the end user is redirected.

Deciding to test the waters myself, I called the number using the necessary precautions. On dialling the phone number given in the message I realized that this call to action number that was thought to originate in the US, Eastern Europe, Haiti and the Solomon Islands was actually outsourced to a disconnected country. I tripped on this secret when a damsel with an unfamiliar accent responded. In the background I could hear the typical chaotic blare of a call centre, but on fine-tuning I discovered that the template used by them, in that vicinity was the same. The accent starkly betrayed the speaker’s origins. This peaked my curiosity and I wanted to find out where I had called. Questioning the speaker I found out that I was trunked to a remote village in Sri Lanka, close to Candy. The speaker, a young college teenager, was posing as a Far East European named Mariya Peterova – in her own words, ‘a white, fair beauty’ wanting to create a liaison with me. Her intention was to come over to my country and spend some “romantic quality time” with me. The conversation got deeper, romantic and bizarre. However I stayed alert to find out what information they actually wanted to extract from me.

I pretended to be an expat African – a millionaire, doing business in Europe. We blah blahed about romancing in some haute European location. Then she blurted the million dollar request: “uh… darling, I want to send you a Facebook request, ok?” then “what’s your WhatsApp ID?” and “at least give me your mobile number?”. I escaped by saying I don’t use social networking, nor was I savvy with it.

When she found that she was not able to make headway, she transferred me to a colleague who sounded equally novice at the game and eventually hung up.

It got me thinking about how that information would help them. It would definitely help in double checking to see if I am who I claim to be – a word of warning to those who register themselves on social networking sites and give out actual personal information. More importantly, spear phishing uses this tactic of identity theft and third party fraud using user data harvested from social networking sites. Once confirmed, this open source information could help in tracking yours truly and those connected to me, which means a perfect setup to ensnare a shoal of fish – more people more opportunities! This master stroke would enrich their database immensely.

After decoding what transpired one can easily figure out what they are up to. It seems to be a whole new game plan – one more established and complex than surmised earlier. There is a group that sets the snare, others that offshore the gathered intelligence from the ensnared and the rest who take it to the logical conclusion of abusing harvested user data. Such campaigns are not meant to befriend you, but to gauge the depth of your pocket or to harness intelligence for a competitor.

But from a security point of view, the alleged dating spam messages emanating from each of the said countries seem to have originated from a cartel for the following reasons:

The message pattern and structure used in luring the recipient is similar in logic.
The message content overlaps with each other.
Many messages seems to be directing the callers to the same number range.
Most interestingly, the target geographical region is the same – Africa.

All these points converge to ground zero – Africa.

Is Africa then the new hunting ground for Adult phishing? Or is Africa turning out to be a test-bed for spammers?

An intriguing African Safari beacons the telecom evolution in Africa.

AdaptiveMobile advises caution in responding to unknown friend invites or requests in all forms, be it unsolicited SMSs or social networks. Remember to not click on any unknown or unfamiliar links or call any unknown or unfamiliar numbers.

Related insights

Mobile World live webinar: Diary of a CISO

Watch Webinar Recording: Diary of a CISO – Building a Resilient Telecom Organization

Read more

Tags: MNO, Mobile Security

Storm-0539 Cybercrime Gang: Microsoft Alerts Companies of Gift Card Fraud From Moroccan Hackers

Read more

Tags: SMS, SMS scam

Infosecurity Magazine logo

Cyber-criminals Exploit Cloud Storage for SMS Phishing Scams

Read more

Tags: SMS scam

Enea in Mobile Europe

Cyber-criminals using AWS, Google and IBM services to steal data by SMS

Read more

Tags: SMS scam

Top Cloud Services Used for Malicious Website Redirects in SMS Scams

Read more

Tags: SMS, SMS scam