Cybercrooks attacking overbooked hospitals during the Covid-19 pandemic was low, but a new scheme proves that for some fraudsters, there’s no bottom to which they cannot sink.
A disturbing new campaign has been spotted, in which photos of abuse victims were being used to trick people into paying recurring fees for a non-existent service.
Reports claim that there are dozens of fake ID verification services out there that promise to cross-reference registered accounts with known sex offender databases. However, all these “services” do is take people’s credit card info, possibly stealing their identities in the process, and setting them up for a recurring payment service.
Criminal scams
To get people to “register”, the fraudsters create fake accounts on hookup platforms such as Tinder. As multiple people confirmed to the publication, the fraudster would create an account of an attractive woman, and after chatting a little bit with the target, would say they were victims of abuse in the past. They would even share actual photos of the woman, abused, to back up their claims.
Then, they would demand their new love interest to register on one of these sites, to “confirm” they were not an abusive individual. Most of the sites (of which there are many, as the publication discovered), were registered to an entity in Cyprus, which was unavailable for comment.
The sites feature user testimonials which turned out to be fake, as the images of the people were found on stock photo sites. What’s more, instead of the actual payment form, the sites hold an HTML iFrame served from domains that read as if someone just hit the keyboard – ndwhvl.com, ntrfrnc.com, pcngyh.com – to name a few.
Those that fall for the trick and decide to “register”, can choose among multiple membership options, ranging from $1.99, all the way up to $100, depending on the website and the membership package.
Next only to Elon Musk-related schemes, romance frauds are one of the most popular types of scams on the internet, right now. Users are advised to be extra vigilant with everything they do online, and activate two-factor authentication wherever available.
Via: BleepingComputer