Jan 16

Fraudsters Automate Russian Dating Scams

Virtually every aspect of cybercrime has been made into a service or plug-and-play product. That includes dating scams — among the oldest and most common of online swindles. Recently, I had a chance to review a package of dating scam emails, instructions, pictures, videos and love letter templates that are sold to scammers in the underground, and was struck by how commoditized this type of fraud has become.

The dating scam package is assembled for and marketed to Russian-speaking hackers, with hundreds of email templates written in English and a variety of European languages. Many of the sample emails read a bit like Mad Libs or choose-your-own-adventure texts, featuring decision templates that include advice for ultimately tricking the mark into wiring money to the scammer.

The romance scam package is designed for fraudsters who prey on lonely men via dating Web sites and small spam campaigns. The vendor of the fraud package advertises a guaranteed response rate of at least 1.2 percent, and states that customers who average 30 scam letters per day can expect to earn roughly $2,000 a week. The proprietor also claims that his method is more than 20% effective within three replies and over 60% effective after eight.

One of hundreds of sample template files in the dating scam package.

One of hundreds of sample template files in the dating scam package.

The dating scam package advises customers to stick to a tried-and-true approach. For instance, scammers are urged to include an email from the mother of the girl in the first 10 emails between the scammer and a target. The scammer often pretends to be a young woman in an isolated or desolate region of Russia who is desperate for a new life, and the email from the girl’s supposed mother is intended to add legitimacy to the scheme.

Then there are dozens of pre-fabricated excuses for not talking on the phone, an activity reserved for the final stretch of the scam when the fraudster typically pretends to be stranded at the airport or somewhere else en route to the target’s home town.

“Working with dozens of possible outcomes, they carefully lay out every possible response, including dealing with broke guys who fell in love online,” said Alex Holden, the security expert who intercepted the romance scam package. “If the mark doesn’t have money, the package contains advice for getting him credit, telling the customer to restate his love and discuss credit options.”

A sample letter with multiple-choice options for creating unique love letter greetings.

A sample letter with multiple-choice options for creating unique love letter greetings.

Interestingly, although Russia is considered by many to be among the most hostile countries toward homosexuals, the makers of this dating scam package also include advice and templates for targeting gay men.

Also included in the dating scam tutorial is a list of email addresses and pseudonyms favored by anti-scammer vigilantes who try to waste the scammers’ time and otherwise prevent them from conning real victims. In addition, the package bundles several photos and videos of attractive Russian women, some of whom are holding up blank signs onto which the scammer can later Photoshop whatever message he wants.

Holden said that an enterprising fraudster with the right programming skills or the funds to hire a coder could easily automate the scam using bots that are programmed to respond to emails from the targets with content-specific replies.


The romance scam package urges customers to send at least a dozen emails to establish a rapport and relationship before even mentioning the subject of traveling to meet the target. It is in this critical, final part of the scam that the fraudster is encouraged to take advantage of criminal call centers that staff women who can be hired to play the part of the damsel in distress.

The login page for a criminal call center.

The login page for a criminal call center.

“When you get down to the final stage, there has to be a crisis, some compelling reason why the target should you send the money,” said Holden, founder of Hold Security [full disclosure: Yours Truly is an uncompensated adviser to Holden’s company]. “Usually this is something like the girl is stranded at the airport or needs money to get a travel visa. There has to be some kind of distress situation for this person to be duped into wiring money, which can be anywhere between $200 and $2,000 on average.”

Crooked call centers like the one pictured in the screen shot above employ male and female con artists who speak a variety of languages. When the call center employees are not being hired to close the deal on a romance scam, very often they are used to assist in bank account takeovers, redirecting packages with shipping companies, or handling fraudulent new credit applications that require phone verification.

Another reason that call centers aren’t used earlier in romance scams: Hiring one is expensive. The call center pictured above charges $10 per call, payable only in Bitcoin.

“If you imagine the cost of doing by phone every part of the scam, it’s rather high, so they do most of the scam via email,” Holden said. “What we tend to see with these dating scams is the scammer will tell the call center operator to be sure to mention special nicknames and to remind him of specific things they talked about in their email correspondence.”


An ad for a criminal call center that specializes in online dating scams. This one, run by a cybecrook who uses the nickname “Sparta,” says “Only the best calls for you.”

Check back later this week for a more in-depth story about criminal call centers.

Tags: , , ,


  1. Mail order brides from eastern Europe or Slovakian countries … cyberized. What isn’t yet contaminated?

    Maybe “forgive me” apology letters (flavored with nuance of Cyrano de Bergerac) with flowers (previously specified) for those caught in flagrante delicto?

    See also 1971 The Fully Automated Love Life of Henry Keanridge about a programmer who made juggling multiple relationships a little easier. This was almost half a century ago.

    Jonathan @NC3mobi


  2. Fernando Ardenghi

    Please see:
    Fools for love: how an internet dating firm duped clients

    Online dating firm denies creating profiles to tempt clients
    How Alexa shows BBC of London UK incinerated Cupid PLC.

  3. Fernando Ardenghi

    also Former AshleyMadison Customer Sues Site Over “Army Of Fembots” With Fake Profiles.

  4. There’s a wonderfully cringe-inducing documentary on NetFlix that actually follows some of these hapless guys around as they try Russian and Ukrainian dating services.


    In this version of the ploy, the women are real but most of them are scamming the guys themselves.

  5. I wonder if my old email address i used for winding up these scammers is in that list 😀

    Brian are you able to email the list, it would be handy for the guys on 419 eater to see if any of there emails have been blacklisted as such

  6. What are the good websites? or at least more honest than these?

    • I’ve used Match.com before with some success (a number of dates and a year-long relationship). Of course, scammers show up there as well, so I just pay attention and set realistic expectations going in. I’m 53, twice divorced, so whenever I see any woman under 40 sending me a “wink” or an email, I automatically conclude that it’s a scam. It may not be, there might really be a 35 year old interested in me, but I seriously doubt it. Especially if her pictures are of some smokin’ hot babe.

      One thing I do is to try to set up phone contact and a first date just as quickly as possible. And of course the first date should be something relatively quick and inexpensive, like coffee or lunch. Not only does that eliminate the scammers in a hurry, but it also tells me just how interested a real woman might be. If she’s not willing to meet me, then either she’s not interested or is talking to someone else, so I simply move on to the next one. Of course, this strategy would work better in a larger city than I live in (I’m in a city of under 500,000), but you do what you have to in order to protect yourself.

      YMMV, as they say. I think awareness and standard operating procedures, combined with realistic expectations, will go a long way in making an online dating experience safer and more successful.

      • I’m not going to lie, reading advice about which dating websites are better and how to setup dates on a InfoSec blog is absolutely hilarious.

      • “I’m 53, twice divorced…”

        LOL. No wonder no one wants you! Best you try for one of these Russian brides.

        • Gee, you’re too funny.

          “some success (a number of dates and a year-long relationship)”

          Nobody? Doesn’t sound like nobody to me. Keep your snarky comments to yourself.

          The point I was trying to make is that the target demographic for a lot of scams like the one Brian was highlighting is someone similar to me – 40-something/50-something male, probably divorced after a long marriage, rusty social skills for meeting someone in person due to lack of practice, etc. And if they’re not savvy or have unrealistic expectations, they could easily fall prey to these scammers. As Cyber Jay pointed out below, what are the chances that some beautiful young thing would be interested in someone of that demographic and contact them online? About as likely as a guy in that demographic walking into a bar and having a gorgeous 20-something hit on him out of the blue. It just doesn’t happen in reality.

          Considering a lot of guys reading this blog could very well fit the target demographic of these scammers, and there was a legitimate question on how to trust online dating (at least that’s how I interpreted padraeg’s post), I used my own example to offer up some advice. Rather than belittling my response, maybe you can offer up something helpful instead.

          • You’re fine Darth and your advice was useful to me, a divorced 50’s male with very rusty skills in that area who is considering a dating site (albeit not a mail-order bride type deal).

            Princess Troll is a troll, nothing more.

          • Sorry I’m not in your demographic (yet), but I have also been maintaining a “dating” profile throughout my marriage. It helps to keep my social skills sharp with random conversations, as well as to easily identify fake profiles / bots. Sadly, if you’re above 35, not many women are interested (that are not “broken” in some shape or manner). Perhaps my standards are just too high, or I’m not that desperate for a connection so I do not put forth enough effort, since I already have a stable relationship. Either way, it’s entertaining to read through the profiles and guess which are legit vs. fake (bot) every so often.

          • Hey, don’t let Leia get to you. Kids often don’t take it well when their parents start dating new people.

        • Other Darth Vader

          I find your lack of faith…disturbing…

  7. People pay untold amounts of money just to see women showing off on stage all over the world. That’s life. The advice is: Don’t fall in love. If you do, you’ll find out she don’t love you.

    What you see on the screen isn’t anything more than polygons fabricated from algorithms. It isn’t real. The pictures and the videos are moments frozen in time and reflected back from someone’s life somewhere else. That is atleast for the ones that are not CGI.

    As a part of the human condition, we all have a need for the touch of another person. So much so that we will believe anything. This includes the lies we are told through email, social network websites, and the ads from that backs of magazines.

    Ya know, if everyone would just lighten up a little and just start loving someone…..alot of this craziness wouldn’t even come close to happening in the first place.

  8. Thank you, Brian, for the article.

    Here is my suggestion for a dating site, especially if you are in a city of more than 100,000. . .

    Turn the computer off and look the local outing, hiking, bicycling, mountaineering, dancing, whatever club and go there. I find those places offer the least scam and scammers.

    • The outdoors clubs have members who are into fitness and therefore in good shape. Many sedentary job holders are lumpy. So that is a good suggestion.

    • I’ve never seen any such clubs or activities that didn’t have a monthly fee or other associated costs. And that buys you access to a typically smallish (couple of dozen people, tops) potential dating pool that will quickly be exhausted, in all likelihood.

  9. The fact that anyone actually falls for that kind of fake profile to me is astounding in this day and age. If you are that desperate that you think these woman and their stories are real (stranded at the airport etc) you probably deserve being scammed. Good Grief!

    • “The fact that anyone actually falls for that kind of fake profile to me is astounding in this day and age.”

      What exactly is it that surprises you? We are living in a world not only ‘filled’ with technology, but one that is ‘dominated’ by it……and yet the vast majority of the human race still has no real understanding of how any of it actually works. No one cares to know. Most people think they don’t need to know how these things work. People think they need Facebook and Twitter in order to “stay in contact” and “find” family and friends online. People are so absorbed in their smartphone that they will walk into parked vehicles and drive off cliffs to their own deaths.

      Ya know, for the longest time, people worried about computer viruses from porn sites without ever understand that the porn is only the lure used to bring users to the site…..the real threat isn’t the pictures/videos, it’s the code that gets executed through the browser that is embedded within the webpage that serves up those pictures/videos. But, no one even cares about any of that any more. People think that Apple/Microsoft/government will take care of everything for them.

  10. This article refers to men, but I work at a FI and I can tell you I see more women falling for these types of scams then men. They like to text back and forth, wire out money, etc. Sad.

  11. Brian,

    It’s great that you are giving this topic some attention. Last Fall, I assisted a female friend in navigating the sketchy online dating waters and was shocked to see some of the more reputable dating sites to be littered with scammers of all flavors.

    One of the more interesting trends I saw occurring was the illegal use/theft of legitimate military folks identity and pictures. Unknowing military members that honorably serve were being hijacked from their social media outlets—primarily Facebook. Open or Public Facebook profiles and photos are serving as excellent resources for scammers to harvest a bounty of useful information. Photos with their military uniforms (and nametags) and family pictures are stolen and dating accounts created that left no reason for anyone to believe that these guys and gals were not legit. Even the casual correspondence and messaging taking place was grammatically correct with little error, which would normally garner some suspicion of a scam and set the red flag warning.

    However, as you mention in your article, there is always some rhyme or reason why they can’t immediately talk on the phone or physically meet up to further the relationship. In the particular case I was reviewing, the scammer indicated that he couldn’t meet because he was serving in the battlefields of Afghanistan and Iraq, and that they would “call when they could.” Over the weeks, the scammer continues to foster the e-correspondence link to infiltrate more and more personal information from the target. Almost always, the purported “veteran” is divorced with a daughter or son and will heading back to the states in a few weeks on Leave. Personal photos (stolen) from social media continue to be exchanged between the target and scammer, creating the trust and bond between the two and tugging at whatever vulnerable heart strings they could. In some cases, the scammers are even setting up bogus Facebook accounts with pictures in order to legitimize their existence and place the target at ease. In some cases, the scammer was even willing to send a photo of themselves holding a sign displaying anything that the target wanted—and as you mentioned in your article the wonders of Photoshop kick into gear and provides more non-repudiation to the target.

    And now you know what comes next…the final stage. The criminal call center initiates the long-awaited phone correspondence (in perfect English from a caller ID block) to the target in order to solidify the hopeful relationship and eventual meeting place. However, there is a catch. The supposed military member claims he is stranded in an overseas airport awaiting his next flight (Germany in my investigation) and states that his ATM/Credit card was disabled by his bank because he had not used it in many months due to his deployment. He asks the target to “borrow” money so that he can pick up his daughter a gift for her birthday and have enough funds to travel—somewhere between $500-$1000 dollars. The scammer conveniently has all the wire transfer information handy for the target and says they are standing by to verify the transfer and, of course, never to be heard from again.

    This type of scam has yielded great successes because there are numerous dating sites that cater specifically to members of the military. While validating them, I saw nothing that stopped anyone from registering an account or verified that one was serving in the armed forces. I registered an account for myself to take a test drive, and I immediately received two winks and chat requests by a female Army Colonel who claimed to be a Pediatrician in Afghanistan and another from a beautiful Army Staff Sargent in Germany—both divorced with an 11 year old son. Wow, what are the chances of that happening within an hour of registering!!??

    Bottom line is that the bad guys are stepping up their game, and the ease of masquerading an identity from a social media outlet has proven to be financially lucrative for the underground. Lot’s of people have fallen victim to this scam–Sad but true.

  12. Thank you for posting this here. I have been digging in to the online dating scams for several months now. I think an infosec blog is a perfectly appropriate place for the topic.

    I have been surprised by a couple of things: 1) how wide spread: from nuisance scams like date verify sites, Romance scams, to the world’s oldest profession, they are everywhere from craigs(scam)list to match. 2) How many men and women are careless about their online dealings; many never do so much as a tineye search on their ‘date’ or give their cell number out at the drop of a hat.

    For those with a strong focus on online security, it is second nature. For a large portion of the population, that sense of danger just isn’t there. The desire to be with someone is strong. All the big headline takes are someone lonely, and the scammer takes advantage of that vulnerability.

    I guess I am going to have to change my burner email 😉


  13. It’s not just email scams anymore. Every dating site has this going on, both male and female targets. Bringing the whole discussion back to the topic of security: Websites have some anti-automation in place to prevent scammers scripting account actions, but when those sites also create a mobile app, there is an entirely new attack surface for doing this sort of thing. We all know that most mobile applications (especially true for mobile apps that mirror website functionality) are essentially just a browser wrapped in a native app using common http and network traffic to talk to the same web servers as the full website. Those apps almost never have anywhere near the same kine of anti-automation protections that websites have.

    On another note, let’s not forget about catfishing. not only are scammers going after victims, there are also people just doing it to be jerks to other people. The culture of convenience that we have created with all our phones/tablets/apps/devices has ruined most people’s social skills so the are becoming more succeptible to this sort of social engineering attack. I would bet $10,000 that at least 90% of guys would call ‘scam’ if a girl in a bar walked up to them and started speaking like those scripts.

  14. There should be a fire alarm siren that goes off at 100 decibels in peoples heads whenever money of any amount, for whatever reason, is requested from an absolute stranger on the internet. The only thing worse than to be lonely and looking for love is to be lonely, looking for love and and out thousands on some scam.

    • The victims don’t consider them strangers by that point. By the time the scammers are ready to risk money on using the call center, they know they have set the hook and are ready to reel them in.

      The target of the scam may already be putting down deposits on a reception hall and caterer for the wedding by this time. Once the victim has spent any money, they’re loathe to put that “at risk” by considering the possibility that it’s lost on a scam. They’ll keep throwing good money after bad in order to hang on to the belief the money they’ve already spent isn’t gone.

    • There have been numerous studies of how con artists work and how their victims react. It’s an incredibly fascinating line of research. When you delve into legitimate social engineering, you often find that those who proclaim that they would detect such a scam the loudest are frequently the ones who fall for them the hardest.

  15. Brian – the scam templates you’ve highlighted do not appear particular creative or ingenious (other than the realistic broken English). I would expect that Russian fraudsters who are not fluent in English would have access to partners and associates who are and who do not have to be paid for providing a “romance scam package”. Do the package providers back up their effectiveness claims with money back guarantees? We can only hope that at least some of these players get played.

  16. The stories I read in the papers about women (and it’s usually women you read about) being scammed make my jaw drop – some of them wire £20 000 or more to people they’ve never met. There seems to be a weird suspension of logic with certain people once they log on to those sites.

    Lots of stolen pictures don’t turn up on a reverse image search, even if they’re posted at several locations online, so there’s usually no way to trace a fraudster’s photo to its true owner. But this English woman sent £30 000 that she stole from her family to a “US Army colonel” who was using General Wesley Clark’s photo! How hard could it be to trace the photo of one of the world’s most prominent military men?


  17. Good example is Craigslist w4m is only robots bots , Russian Ukraine economic should be good if we see how much money been wired to there lol

  18. There were dating bots with similar strategies that were used since the IRC era. Nowadays, i get a lot of such bots on Skype and even Telegram.

    The solution in this case is to inform the general public, as it seems they are still dreaming of Russian mail-ordered brides.

  19. “Interestingly, although Russia is considered by many to be among the most hostile countries toward homosexuals, the makers of this dating scam package also include advice and templates for targeting gay men.”

    I don’t find this suprising at all. Rather the opposite. If you were a gay man in a hbtq-phobic country, of course you’d dream about leaving it and travel to someplace where you’d be able to live your life openly. And most hbtq ppl in less hbtq-phobic places know this and can to some degree relate , especially if they are, say, above 40 yo and thus have their own personal experiences of a less acceping climate.

    Therefore, the russian gay man who just want’s to escape to somewhere else is very, very believable. I have personally met two russian gay men who did flee, and they were helped from friends of mine with marriages of convenience to get the rights to stay, since the Scandinavian state they fled to didn’t recognize having your home burnt down by a mob as a reason for fleeing o.O …

    Anyways, I’d say that scams with hbtq ppl fleeing oppression is probably a scam that would work very well. And sadly enough also making it harder for those who genuinly need help to flee.

    • Good points, and I’ve not seen that acronym used before (an alternative to LGBTQ…etc, I presume).

  20. The programs I have seen have been about older women being scammed, sometimes out of millions of dollars. There was also someone who stole a photo from a male model’s portfolio and was using that and a stolen photo from a Facebook account. Both men were shocked that their photos were being used in a scam. The scams I saw were out of Nigeria. There is also a software program for photographers that allows you to run the name/ number of any photo you have posted online and see if it has been downloaded by anybody and if it is being used; meant for copyright issues. Unfortunately I can’t remember the name of it.

  21. “Hey my name is Olga.

    I’m looking for a human of your country. I nice your profile very much. I’m from Russian Federation.

    If you lovely my photo, I wait for your answer. I think you know its country of long winter-tide and snow but our country is also famous for welcome.

    I’m 29 years. I am Blonde. I’m orientated household and I would found a close-knit household.

    In my free time I’m declaim listening to chime, gastronomy and learning foreign languages.

    Please talk me about yourself: what do you please most of all and what are your intent and ambitions?

    What kind of bi-monthly, canto do you like? I’ll try to talk about myself more in my next mail. I waiting for your rejoin so much.

    Good Luck

    …..seems legit.

  22. It will be interesting to see how these scam packages evolve as AI becomes more available and open source. I’ll bet that within the decade packages like this will have a trained AI included in the deal.

  23. This could be a good business opportunity for investigators who can verify the person writing by going and seeing them and getting identification. If they are legit they shouldn’t object to providing their address to their Lover’s investigator. It should be a quick and profitable business since most will hand out non-existing addresses.

  24. The most prominent story I’ve heard of an internet dating scam: 68-year old physics professor tricked into thinking he’s dating a 30-year old bikini model. Not sure whether he ever sent her money, but he ended up in jail for trafficking drugs. Maybe better if he’d just sent her money.

  25. I see the results of online dating scams on a regular basis, usually causing the victims (both genders) a lot a heartburn and heartache. I have to give the bad guys their props; they are excellent amateur psychologists.

  26. When it got down to fact-driven source like Kerbs, it could be a good idea to present validated facts even for non-security related information.
    Statement “although Russia is considered by many to be among the most hostile countries toward homosexuals” is utterly incorrect as homosexuals has only two limitations in Russia – it is prohibited to expose any young person to gay propaganda and gay parades are restricted in most of cities. Apart of that no other restrictions are applied.
    By all means, I would not call this hostile environment.

    • First, Krebs didn’t state that the country is hostile to homosexuals, just that it’s perceived to be. He could put up more evidence of that, but it’s not getting challenged at all in the comments, which says to me that it is, in fact, commonly perceived as such (I know I perceive it as such).

      Second, it sounds like those “only two” restrictions amount to “don’t exist in public as a gay person”, which is pretty hostile if you ask me.