It would be a challenge to find someone who has not heard of the now-infamous “Nigerian Prince scams,” also known as “419 scams” and “advance-fee scams.” The concept itself dates back to the French Revolution, but it has come a long way due to human gullibility. More recently, it has taken to the internet to deceive scores of email recipients hoping for a big payday.

Online scams in this category involve the victim receiving emails that promise a large sum of money in exchange for taking supposed business actions that the sender requires. According to the scammers, the money is usually stuck in some offshore account and you are promised a considerable part of it if you are willing to help the individual pay a “small fee” to release it from the bank.

Lately, while shuffling through some emails, I personally stumbled upon what I thought was the same type of scam. However, after playing along to an extent, I came to learn that online scams originating from Nigeria have evolved. While some stick with the old rich prince ploy, others have devised more elaborate schemes to secure money. If you’re thinking cryptocurrency might be involved, then you’re right on the money.

A Romance Scam Grooms Potential Victims

It all started on a dating app. I matched with a profile that appeared to be legitimate. Unlike other fake profiles that are obvious to spot, this person’s pictures looked like an honest user’s might. The profile description was detailed and pertinent to the geographical location where the person claimed to live. To add an extra layer of authenticity, the person even called me on the phone to help gain my trust.

Although things seemed fine at first, there were some early signs that gave them away: being suspiciously eager to have frequent phone calls from the start, messaging in the early hours of the morning, using WhatsApp instead of SMS and having little contextual understanding of the city where they claimed to live.

Now feeling suspicious, I wanted to at least find out where this person was located. Since they claimed to have an MBA and be an expert in investments, I created a fake real estate listing on a page designed to track their IP and asked them if they thought the house in my link would be a good investment. They took the bait and the results showed me that they were operating from an IP address in Lagos, Nigeria.

The Plot Thickens

After establishing that this was indeed a scam and the person was lying about their true whereabouts, I wanted to know their end goal. The individual I was speaking with claimed to run a cosmetics business and deal in bitcoin investments to supplement their income. The mention of bitcoin piqued my interest.

After some initial pleasantries, they started to unravel their scam, claiming that they made $9,000 with an initial investment of $5,000. They proceeded to send me a series of videos of people claiming to have made large sums of money by investing in bitcoin as well. I feigned interest and asked the individual to explain the details, which is when they said that I needed to first buy bitcoin using a crypto exchange of my choosing. I initially suspected that they would recommend I use a fake exchange set up for the purpose of having people buy coins they would never get, but they did not insist on the source of the coins.

Then came the more specific part: I would have to use a site called “au2traders[dot]com” to invest my bitcoin. The scammer insisted I use this specific domain for investing the cryptocurrency, so I knew that the scam lay in wait there.

I went on to evaluate the site and found many easy-to-spot issues that told the tale of an online scam. The website wasn’t well-developed and appeared to be hurriedly put together — links to social media did not work, there were grammatical errors in the text and there was no phone number listed for support, only an email address for supposed customers to contact in case they had issues. The website’s footer did not even note the incorporated name of the company that operates au2traders.

The site also showed a fake physical address in New York City with an invalid six-digit zip code. 108 Adam Street in New York is located in Brooklyn, with the postal code 11201.

A search on the X-Force Exchange threat intelligence platform listed this website in the spam category.

I wanted to see who owned the domain and how long ago it was created. A quick WHOIS query revealed that it was registered just 50 days earlier and the domain was protected using a privacy protection service that hides the domain owner’s identity and address and replaces it with the service’s address.

Testimonials on the website described people who apparently went on to complete millions of trades and were now top earners. The site also featured photos of the individuals — a nice touch. A simple reverse image search on Google showed me that there were hundreds of copies of these exact same generic images available on various sites across the internet.

I also searched a professional network for employees of this supposed company but only one result emerged, noting a marketing specialist located in New York City, the supposed location of the headquarters with the fake address.

A Scam Is a Scam

I went ahead and opened an account on the site to glean more information about what appeared to be a rather gray area to me. The site required a minimum deposit of $300 to begin trading, and there were options to trade in different cryptocurrencies.

Although I’m unsure as to how exactly the scam unfolds after one deposits bitcoin on the platform, all the information I gathered on the website leads me to believe it was set up by someone looking to receive anonymized cryptocurrency payments from users who would never see their money again.

The very lengthy “Terms and Conditions” page on the website warns the reader that they are trading in binary options and that they could lose part, or all, of their investment. Many odd rules are applied to any attempt to withdraw one’s money from the platform. It also notes that service is not available to residents of the U.S. or Canada, yet the company is supposedly located in New York.

Binary options are prone to fraud in their applications and are banned by regulators in many jurisdictions across the globe. The FBI has been investigating binary options scams and some cases have been tied to criminal syndicates. A testimony from an FBI agent on a recent case of binary options fraud revealed tactics very similar to what I had seen in my own review of this scheme.

Indeed, online scams have come a long way, and grooming potential victims via romance scams is just the tip of the iceberg. A word to the wise: Remain vigilant about any off-topic communications with people online. Keep your heart, and your hard-earned money, protected from fly-by-night fraud.

More from Fraud Protection

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

How Security Teams Combat Disinformation and Misinformation

“A lie can travel halfway around the world while the truth is still putting on its shoes.” That popular quote is often attributed to Mark Twain. But since we're talking about misinformation and disinformation, you’ll be unsurprised to learn Twain never said that at all. In fact, no one knows who first strung those words together, but the idea that truth spreads slowly while lies spread quickly is at least several hundred years old. The “Twain” quote also serves to…

A View Into Web(View) Attacks in Android

James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

New DOJ Team Focuses on Ransomware and Cryptocurrency Crime

While no security officer would rely on this alone, it’s good to know the U.S. Department of Justice is increasing efforts to fight cyber crime. According to a recent address in Munich by Deputy Attorney General Lisa Monaco, new efforts will focus on ransomware and cryptocurrency incidents. This makes sense since the X-Force Threat Intelligence Index 2022 named ransomware as the top attack type in 2021. What exactly is the DOJ doing to improve policing of cryptocurrency and other cyber…