It would be a challenge to find someone who has not heard of the now-infamous “Nigerian Prince scams,” also known as “419 scams” and “advance-fee scams.” The concept itself dates back to the French Revolution, but it has come a long way due to human gullibility. More recently, it has taken to the internet to deceive scores of email recipients hoping for a big payday.

Online scams in this category involve the victim receiving emails that promise a large sum of money in exchange for taking supposed business actions that the sender requires. According to the scammers, the money is usually stuck in some offshore account and you are promised a considerable part of it if you are willing to help the individual pay a “small fee” to release it from the bank.

Lately, while shuffling through some emails, I personally stumbled upon what I thought was the same type of scam. However, after playing along to an extent, I came to learn that online scams originating from Nigeria have evolved. While some stick with the old rich prince ploy, others have devised more elaborate schemes to secure money. If you’re thinking cryptocurrency might be involved, then you’re right on the money.

A Romance Scam Grooms Potential Victims

It all started on a dating app. I matched with a profile that appeared to be legitimate. Unlike other fake profiles that are obvious to spot, this person’s pictures looked like an honest user’s might. The profile description was detailed and pertinent to the geographical location where the person claimed to live. To add an extra layer of authenticity, the person even called me on the phone to help gain my trust.

Although things seemed fine at first, there were some early signs that gave them away: being suspiciously eager to have frequent phone calls from the start, messaging in the early hours of the morning, using WhatsApp instead of SMS and having little contextual understanding of the city where they claimed to live.

Now feeling suspicious, I wanted to at least find out where this person was located. Since they claimed to have an MBA and be an expert in investments, I created a fake real estate listing on a page designed to track their IP and asked them if they thought the house in my link would be a good investment. They took the bait and the results showed me that they were operating from an IP address in Lagos, Nigeria.

The Plot Thickens

After establishing that this was indeed a scam and the person was lying about their true whereabouts, I wanted to know their end goal. The individual I was speaking with claimed to run a cosmetics business and deal in bitcoin investments to supplement their income. The mention of bitcoin piqued my interest.

After some initial pleasantries, they started to unravel their scam, claiming that they made $9,000 with an initial investment of $5,000. They proceeded to send me a series of videos of people claiming to have made large sums of money by investing in bitcoin as well. I feigned interest and asked the individual to explain the details, which is when they said that I needed to first buy bitcoin using a crypto exchange of my choosing. I initially suspected that they would recommend I use a fake exchange set up for the purpose of having people buy coins they would never get, but they did not insist on the source of the coins.

Then came the more specific part: I would have to use a site called “au2traders[dot]com” to invest my bitcoin. The scammer insisted I use this specific domain for investing the cryptocurrency, so I knew that the scam lay in wait there.

I went on to evaluate the site and found many easy-to-spot issues that told the tale of an online scam. The website wasn’t well-developed and appeared to be hurriedly put together — links to social media did not work, there were grammatical errors in the text and there was no phone number listed for support, only an email address for supposed customers to contact in case they had issues. The website’s footer did not even note the incorporated name of the company that operates au2traders.

The site also showed a fake physical address in New York City with an invalid six-digit zip code. 108 Adam Street in New York is located in Brooklyn, with the postal code 11201.

A search on the X-Force Exchange threat intelligence platform listed this website in the spam category.

I wanted to see who owned the domain and how long ago it was created. A quick WHOIS query revealed that it was registered just 50 days earlier and the domain was protected using a privacy protection service that hides the domain owner’s identity and address and replaces it with the service’s address.

Testimonials on the website described people who apparently went on to complete millions of trades and were now top earners. The site also featured photos of the individuals — a nice touch. A simple reverse image search on Google showed me that there were hundreds of copies of these exact same generic images available on various sites across the internet.

I also searched a professional network for employees of this supposed company but only one result emerged, noting a marketing specialist located in New York City, the supposed location of the headquarters with the fake address.

A Scam Is a Scam

I went ahead and opened an account on the site to glean more information about what appeared to be a rather gray area to me. The site required a minimum deposit of $300 to begin trading, and there were options to trade in different cryptocurrencies.

Although I’m unsure as to how exactly the scam unfolds after one deposits bitcoin on the platform, all the information I gathered on the website leads me to believe it was set up by someone looking to receive anonymized cryptocurrency payments from users who would never see their money again.

The very lengthy “Terms and Conditions” page on the website warns the reader that they are trading in binary options and that they could lose part, or all, of their investment. Many odd rules are applied to any attempt to withdraw one’s money from the platform. It also notes that service is not available to residents of the U.S. or Canada, yet the company is supposedly located in New York.

Binary options are prone to fraud in their applications and are banned by regulators in many jurisdictions across the globe. The FBI has been investigating binary options scams and some cases have been tied to criminal syndicates. A testimony from an FBI agent on a recent case of binary options fraud revealed tactics very similar to what I had seen in my own review of this scheme.

Indeed, online scams have come a long way, and grooming potential victims via romance scams is just the tip of the iceberg. A word to the wise: Remain vigilant about any off-topic communications with people online. Keep your heart, and your hard-earned money, protected from fly-by-night fraud.

More from Fraud Protection

Remote access detection in 2023: Unmasking invisible fraud

3 min read - In the ever-evolving fraud landscape, fraudsters have shifted their tactics from using third-party devices to on-device fraud. Now, users face the rising threat of fraud involving remote access tools (RATs), while banks and fraud detection vendors struggle with new challenges in detecting this invisible threat. Let’s examine the modus operandi of fraudsters, prevalence rates across different regions, classic detection methods and Trusteer’s innovative approach to RAT detection through behavioral analysis. A rising threat As Fraud detection methods become more and…

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

The rise of malicious Chrome extensions targeting Latin America

9 min read - This post was made possible through the research contributions provided by Amir Gendler and Michael  Gal. In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting  Latin America with a focus on financial institutions, booking sites, and instant messaging. This trend is particularly concerning considering Chrome is one of the most widely used web browsers globally, with a market share of over 80% using the Chromium engine. As such, malicious…

What to do about the rise of financial fraud

6 min read - As our lives become increasingly digital, threat actors gain even more avenues of attack. With the average person spending about 400 minutes online, many scammers enjoy a heyday. Old impersonation scams continue to deceive people every day, as con artists and hackers are armed with advanced technologies and sophisticated social engineering tactics. According to the Federal Trade Commission, financial fraud increased by over 30% from 2021 to 2022, with total losses surpassing $8.8 billion. This ever-evolving threat will continue to…