By Alex Y. Chen
Scams have become more rampant in recent years by utilizing various social engineering techniques. Whether through social media, emails, or mobile apps, cybercriminals have been able to lure victims into clicking on fraudulent links so that they can steal vast amounts of money from unwitting individuals. In fact, schemes that involve romantic themes and routines through online dating are among the most widespread.In May, we observed a sudden increase in traffic for online dating websites primarily targeting Japanese customers. After analyzing and tracking these numbers, we found that these dating scam campaigns attract potential victims by using different website domains that have similar screen page layouts. By the end of the transactions, the fraudsters steal money from victims without the subscribers receiving any of the advertised results.
Moreover, after checking the locations of the company listings, we found it suspicious that their respective offices are located in other countries or islands outside of Japan, such as the Caribbean Islands, Hong Kong, and the Philippines. Grammatical errors in Japanese are also evident on these sites, making it likely that the writer is not a local.
Figure 9. Instructions for membership, purchase of points, and “support money”
The points allow the subscriber to avail of the website’s matching services. JP¥10 (est. equivalent of US$0.095) is equivalent to 1 point in the website and supposedly provides service features such as sending a private message or email to another member (1,000 points). Meanwhile, other features require no point usage, such as sending a message via a public message board and looking into their profile data, among others.
Figure 10. Website services equivalent to points
Only after the user has made one or several purchases will they realize that both the registration and points are worthless. A quick online search of the domain used for the registered email address would also raise suspicions, as the query returns no results for the addresses.
Figure 11. Fake domains and email addresses
By this stage, however, the user has already given their information and credit card data. From an HTML analysis, we found that the cybercriminals can use an image file to display some pieces of information, such as company address and owner. Unfortunately, this also allows hackers to easily replace the sensitive information listed such as IDs, emails, and financial credentials for use in other malicious activities.
Looking at the rates of visits to these websites from March to June reveals that there has been a steady number of visits and transactions in these malicious websites.
Figure 12. Number of visits to malicious online dating websites by URL per day
Scams lure potential victims by proposing products and services that are trending or that respond to an individual’s wants or needs. Furthermore, cybercriminals are always on the lookout for opportunities to profit at the expense of other people. The financial and personal information of the victims can be subsequently used by the cybercriminals to conduct other unlawful activities. In particular, fake dating websites can serve as research and development grounds for more sinister attacks, or possibly lure victims of other nationalities who may have a basic understanding of the language.
Here are some best practices users can follow in order to avoid falling prey to such scams:
Trend Micro endpoint solutions such as the Smart Protection Suites and Trend Micro™ Worry-Free™ Business Security detect and block the malware and the malicious domains they connect to. Trend Micro™ Email Security™ thwarts spam and other email attacks. The protection it provides is constantly updated, ensuring that the system is safeguarded from both old and new attacks involving spam, BEC, and ransomware. Trend Micro™ Web Security™ Advanced, powered by XGen™, provides you with forward-looking threat protection on web threats, URL filtering, and application control, plus enterprise-grade features.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.