Fraud-as-a-Service (FaaS) has been around for years. It started with adapting malware, then deploying DDoS attacks. These were technology-based services.

Now it has evolved to include more interpersonal services, including call center services. Yes, there are call centers advertising their services on the dark web that knowingly help fraudsters steal money.  (See recent Krebs on Security post on call center services.)

One recently discovered example of the latest generation of FaaS features providing call center services to support sweetheart scams.

In this instance, a fraudsters may have read about the success of sweetheart scams and would like to give it a go. But he really doesn’t know how to do it. No worries! There are other fraudsters who are happy to sell him whatever he needs to successfully trick lonely hearts into sending him money or acting as a money mule.

He starts by purchasing a pre-packaged sweetheart scam (Krebs also recently wrote about these sweetheart scam kits). It includes everything he needs:

  • Email templates, including many variations for different stages of the scam, and even includes emails from “mom” pleading with the victim to help, adding legitimacy to the scam.
  • Best practices on how to implement the scam, including suggestions for who are the best targets, information on how to manage the scam, what persona to create, and a decision tree to guide next steps when faced with different responses.
  • Photos of who the fraudster is posing to be and profiles to post on dating sites.
  • Even black lists of who not to include, which may include known law enforcement personnel or security experts who just play along but know it’s a scam.

The fraudster then identifies who to target and starts reaching out with email or creates profiles on dating sites, and once he gets some responses he sticks with emails as long as possible to get victim engaged.

He has decided that he wants to set up his victims as money mules through which he will launder fraudulent checks. There comes a time in the scam where more personal contact is needed to escalate the scam to the next level. He needs to explain to his victim why he needs help with deposits, but also explain that he doesn’t have regular access to phone and will need to rely primarily on email. Often sweetheart scammers pose as deployed military, oil platform workers, or someone in a remote location without reliable phone service.

But the fraudster has presented himself as a woman, and he doesn’t speak English, whereas his victim is American. This is where the call center comes in. He simply completes a form providing all the relevant details – his character’s name, information about the victim including personal details such as a nickname, background on the setup, what he needs the victim to do, etc. He submits this to the call center with payment (in Bitcoin), and they identify the right person to play the role, and make the call, setting the hook and initiating what is often a long series of money mule deposits and withdrawals.

Another version of the sweetheart scam is when the fraudsters creates a crisis and asks the victim for money (e.g. detained at the airport, a visa issue, is stranded – so needs money). Again, a call is most effective, and the FaaS call center is happy to help. Fraudsters also use call centers to pose as account holders and call financial institutions directly to, for example, request a wire transfer or change contact information to bypass dual controls.

The sweetheart scam is proven to be effective, expanded to a larger group of criminals through packaged kits and call center services. The result is victims tricked into laundering money or robbed of their own account balances. With the exception of requirements to report money mules, financial institutions are largely blameless. But there’s an opportunity to avoid time spent trying to unravel fraudulent activity, and rescuing victims from this fate results in a loyal client for life.

By monitoring account holder behavior, FIs can detect sudden increases in the volume of deposits, the size of deposits, and the short window between deposits and withdrawals, all of which suggest possible money mule activity. If payments include wires, FIs might detect unusual use of the wire payment service or new beneficiaries in unusual locations. Whatever the scheme, to the extent it includes money flowing into and out of a client’s account, the FI has the opportunity to detect the scam and deny the fraudsters of another payday.