E-mail scammers typically combine social engineering with technical skills to bypass spam filters and persuade the recipient to reply. But there is a specific class of attacks that is technically stuck somewhere in the late 90s/early 00s, in the era of CRT monitors and sluggish internet: we are talking about text-based fraud.
Attackers of this kind do not carefully imitate the appearance of e-mails from major companies, do not redirect the victim to a fake site, do not obfuscate links and do not even use them. Their main tool and method of persuasion is old-fashioned text. And it works surprisingly often.
Types of text-based fraud
In terms of topics and techniques, text-based fraud can be divided into several types:
- Dating scams
- 419 scams
- Blackmailing and extortion
- Vishing
Let’s take a look at these types of scams and see why they work.
Dating scams
This category includes messages seemingly from attractive women (more rarely men) looking for a “serious relationship.” For extra plausibility, scammers add biographical details and/or photographs of their bait, including immodest ones. The latter are usually downloaded from open sources.
Attackers can also create fake profiles in social networks and instant messengers to make the scheme more persuasive. If the potential victim responds, they are added as friends and start to receive individual treatment. The interaction can last from several days to several months, and includes not only messages, but also phone and even video calls.
Fraudsters can monetize their lonely-heart character in several ways. For instance, early on in the communication, they might ask for small amounts of money or gifts as a sign of commitment. Another variant is, after a long virtual communication, to ask for a large sum to visit the victim, have an urgent surgery, etc. One more scheme, quite common lately, is when the “partner” promises to send the victim an expensive gift or cash by courier from abroad. After some time, the “courier” gets in touch and asks the victim to pay for shipping, customs duties, etc.
Note that scammers get acquainted with victims not only by e-mail. These schemes are utilized on dating sites, social networks and instant messengers. Moreover, the latter two are often the main channel for communicating with the victim, regardless of how contact was initially made. But mass mailings are still more convenient to send out by e-mail, since accounts in social networks, messengers, etc., are quickly blocked due to spam.
Statistics
Dating scams are the least common type of message-based fraud. From March to June 2022, we found 49,536 messages from people “looking for a relationship,” dropping to 1998 e-mails for the whole June. This may be because scammers actively use other communication channels to get to know their victims and establish a trusting relationship.
419 scams: “rich uncles” and Covid payments
419 scams are one of the oldest types of text-based fraud. In the classic 419 letter, the recipient is informed by a “lawyer” or other “official” that a deceased relative or dying benefactor has bequeathed a huge fortune to them. All the victim needs to do is fill out a short questionnaire, pay a fee for administration and other formalities, and claim their millions. Often, the scammers do not mention the fee straight up but invite the victim to make contact by replying to the e-mail to find out more about their “inheritance.” In any case, once the fee is paid, they vanish.
419 e-mails are often crawling with grammar and spelling mistakes. This may be to mask words and expressions that could activate spam filters, or it could be that the attackers have a poor grasp of the victim’s language.
