Southeast Asian scammers preying on strangers with texting romance

Accidental mis-texts might lead to new friendships – or the embrace of criminal rings working diligently from Southeast Asia to scam their victims.

An investigation by security company Sophos revealed an online criminal circle operating in Southeast Asia that targets victims in the US. Using social engineering, the organization tries to convince its targets to invest in cryptocurrency.

In such “pig butchering” or “romance” scams, threat actors use online psychological manipulation techniques to connect with a victim before convincing them to get involved in bogus financial schemes.

Reportedly, the group, which Sophos did not name, operates through messages sent over Apple’s iMessage or other digital channels for short message service (SMS) texts. Scammers use intentionally misaddressed messages to spam a wide range of potential victims and, subsequently, focus on those who respond.

A screenshot of initial conversation with “Harley” | Image by Sophos

They start with casual conversation and may even use the coincidence of the initial interaction as evidence that they are "destined to be friends."

Following this, the scam progresses, with the scammer seeking to move the target to another messaging platform to facilitate easier communication. The group is believed by Sophos to consist of male and female con artists.

This team of scammers will likely engage with victims through messaging, also creating media content to provide false evidence of their history to allay suspicion and keep the conversation going.

‘Sour grape’ scam

Sean Gallagher, a researcher at Sophos, investigated the scam, which he dubbed “sour grape.” His investigation started after he received a misaddressed message from a self-proclaimed Malaysian woman named Harley and started interacting with her.

The photo sent by “Harley” via text message | Image by Sophos

The woman sent him pictures and shared details of her personal life, such as an emotional divorce and considerable losses in a family-owned winery business due to COVID-19.

The online ‘romance’ ultimately resulted in the woman disclosing that she had minimized her financial losses through crypto-investments, at which point she began to share images of her luxurious cars and Miami villa. In the name of ‘friendship,’ she offered to teach Gallagher how to invest and profit from short-term investments in cryptocurrency, on the legitimate trading platform

"Harley" sharing her life story | Image by Sophos

The researcher discovered that the group she worked for had accumulated more than $3 million US in cryptocurrency within a five-month timeframe. This was only one of many similar fraud schemes that used similar tactics, websites, and applications.

Sophos was unable to collect complete wallet information for the false trading and liquidity mining applications the group used. However, researchers presume that the crime syndicate’s total illicit earnings are considerably higher than the figure given above.

Chat with "Harley" | Image by Sophos

Romance scams wiping out wallets

According to initial findings from the FBI's Internet Crime Complaint Center, 2022 saw another historic high for romance scams, resulting in an estimated 19,000 victims in the US, who collectively lost around $739 million.

This represents a surge from 2021, when reported losses reached a record-breaking $547 million, as the Federal Trade Commission (FTC) reported. Over the past five years, scammers have swindled romance seekers out of $1.3 billion, a staggering six-fold increase from the 2017 figures.