Love & Money is a MarketWatch series looking at how our relationship with money impacts our relationships with significant others, friends and family.
When Billy, a 25-year-old tech worker in the New York City area, first saw the beautiful blonde with blue eyes on online dating app OkCupid
IAC,
he was enamored. When he got a notification she had “liked” him on the app, he messaged her immediately.
“I was amazed she was interested in me,” he said. “She looked like a model, to be honest, and when we started talking she was so friendly. It felt too good to be true.”
“‘She looked like a model, to be honest, and when we started talking she was so friendly. It felt too good to be true.’”
The user, whose profile name was KellyCute 320, started sending Billy suggestive messages within minutes. She convinced him to log onto Skype
MSFT,
for a conversation that quickly became sexual.
But the experience quickly took a turn: Afterwards, the woman told him she had saved pictures of their brief cyber-sex session and was going to send them to everyone he knew, messages reviewed by MarketWatch confirmed. The woman demanded that Billy — who asked MarketWatch not publish his last name — pay her $800 immediately to keep the photos under wraps.
“All of a sudden she showed me all of these screenshots, and then showed me she had pulled up the Facebook
US:FB
pages of my aunt, my sister, the company I work for, all these people,” he said. “I started to panic.”
A message that KellyCute 320 sent Billy.
Screen shot provided to MarketWatch
Tens of thousands of Americans fall victim to online romance-related scams each year, according to the Federal Trade Commission. In 2018, more than 21,000 romance scams were reported to the FTC, up from 8,500 in 2015. People targeted by these scams reported a median loss of $2,600n or a collective loss of $143 million in 2018.
Romance-related attacks can range from scammers targeting victims they meet on dating apps for money — often claiming they will come to visit or inventing emergencies like a car breaking down or medical costs — to blackmailing attempts like the one Billy experienced.
“‘With these kinds of attacks, people want to get some type of psychological leverage against people, or a position of authority to get what they want.’”
“Sextortion” attacks like these are on the rise, according to a report from Barracuda Research, a data protection firm based in Campbell, Calif. It found 1 in 10 phishing emails were blackmail or sextortion attacks. Today, Americans are twice as likely to be targeted in a sextortion scam than in a business email attack, the report said.
“We are seeing more and more of these cyber attacks that take advantage of social engineering,” Asaf Cidon, vice president of content security at Barracuda Networks, said. “Usually with these kinds of attacks, people want to get some type of psychological leverage against people, or a position of authority to get what they want.”
In this case, the woman demanded Billy wire her $800 immediately or she would release the graphic sexual images to his family and workplace. She showed him she had already uploaded a video to YouTube
GOOG,
of their Skype session and said she and would soon start to send it around. Alarmed, he immediately signed up for an account on Xoom, a money-wiring service, while she watched through his shared screen. He sent the money that night.
OKCupid declined to comment on Billy’s specific case, but said the user account that initially contacted Billy is no longer live on its site. OkCupid warns users to be suspicious of anyone asking for money or requesting photographs.
“‘I had been going through a hard time and it really satisfied me to see this person who was so beautiful that seemed to be so into me.’”
“I had been going through a hard time and it really satisfied me to see this person who was so beautiful that seemed to be so into me,” Billy said. “I was going through a lot that made me make such a stupid decision.”
Generally, attacks are not as direct as what Billy experienced, Cidon said. In most cases, someone will email a victim claiming to have hacked them and say they have compromising photos. In those cases, it’s best to ignore the claims, which are probably false, Cidon said.
“In most accounts we deal with, attackers have a threat of blackmail but they don’t actually have anything — they’re just trying to trick you,” he said.
Even if a victim knows the attackers do have compromising information like photos, Cidon suggested never paying the ransom, as the attackers may simply ask for more money as soon as they know they have you on the hook.
That’s what happened to Billy: After his initial payment of $800, the woman demanded $1,500 more. Billy declined. He later noticed the account he sent the money to was based in the Philippines. After sending him a series of threats, the woman stopped messaging him.
He never contacted law enforcement or OkCupid because he was embarrassed and afraid the woman would retaliate. “I know for a fact not everyone would make this error, but if you find the right vulnerable person, you can make a lot of money,” Billy said. “That’s what makes this so dangerous.”
Tinder and other dating apps have been working to crack down on fake accounts since their inception. But it’s much easier for their algorithms to track and shut down bots than to weed out accounts used by real people for nefarious purposes, Cidon said.
“These kinds of attacks are almost always carried out by an actual person, which makes it harder to catch,” he said. “We suspect a lot of folks are falling for this — attackers don’t do these things unless they work well.”
Billy said after months of being afraid, he’s back to dating online, but he’s more careful now. “Looking back on it, I knew it was too good to be true,” he said. “I’m still on the apps, but now there are likes I have gotten that I ignore because they don’t look real.”
Shares of IACT/Interatactive Corp.
IAC,
which owns Tinder, Match and OkCupid, are up 43% year-to-date versus a 12.5% increase in the Dow Jones Industrial Average
DJIA,
and a 16% increase for the S&P 500
SPX,
(This story was updated on Aug. 23, 2019.)
