Avast researchers have identified a new version of an old romance scam, using pictures of beautiful women to try and lure victims in.
We have seen scams trying to lure guys into relationships for many years. This was so common that back in 2007, for a few months I collected all those scam emails that I received. All of them were pretty obvious, with some picture of a beautiful girl attached, saying she had somehow found my email address and wanted to talk to me. I remember this as I prepared a presentation with 50+ different pictures and email messages collected to show people and help them learn how it worked. If we fastforward 15 years to today, we can see how the world has changed, and so have these “romantic” scams. Victims learn and they are not that easy to fool with old tricks, and cybercriminals use different tricks to bypass email spam filters and to fool users asking directly for their money. My colleague Branislav Kramár has caught some new waves of this type of scam. You can receive it via email, the first one is the usual message with a PDF file attached. When you open it you will see some pictures of a girl in a bikini, and a link so you can talk to her: The other one has a more creative way of bypassing spam filters, as it is a Google Classroom invitation:
If you join you will see the following message:
In both cases you are redirected to websites. First you’ll be asked for you email address, as we can see in these two different examples:
At the end of the they, the story ends up in the same way: you are be asked to get a subscription in order to talk to the woman of your dreams:
In the first week, we blocked 7,900 messages. As you can see in the following graph, most of the targets were from North America and Europe:
For the last 10 days the malicious campaign has been going on, we have blocked 70,000 attacks. Among the countries now we can see some Asian presence (India and China), although North America and Europe are still the most targeted ones.
In the following map we can see all countries affected by this attack and its severity: