It’s no surprise, really. We’re all working from home and tethered to our devices, so cybercriminals are having a field day trying — and sometimes succeeding — to prey on our trust and rip us off. Romance scams in particular skyrocketed during COVID-19 lockdowns. Usually, I block them immediately. It’s the best thing to do. Case in point: No, I am not Doctor Thomas, and No, I can’t help your pet cat. This scam has plenty of hallmarks: a vague, random message from a stranger? Check. A profile picture of a conventionally good-looking woman? Check. Also, who makes a vet’s appointment by messaging the veterinarian directly on WhatsApp? It just doesn’t make sense. I’m not the only one who’s been receiving these messages. A scammer recently targeted my friend, and she didn’t block him immediately. Instead, she confronted the scammer. I’ve summarized my friend’s experience below in the hope it helps you spot and avoid these scams.
“We Can Get to Know Each Other”
The Mason Scam, as I’ll call it, is becoming a fairly common romance scam, which is different from your typical phishing trap. The “Mason” in question goes by other names as well, like SSgt Mason E Vasquez or SSgt Mason Edwards. After a little digging, I found that it has been around for a while. This social engineering attack is a kind of romance scam that starts out in a very typical way: a complete stranger messages you and tries to strike up a conversation. In this case, my friend was messaged by somebody using the name Arthur Mason. Fortunately, my friend was already guarded against these kinds of messages. After a quick Google image search, she uncovered that it was a scam. I asked her whether she suspected anything when she received the first message, and — like me with Dr. Thomas — she was immediately apprehensive. Here’s her experience, in her own words:
- How long did it take for you to become suspicious? Was it the first message, or only after the “we can get to know each other” comment? “Part of my job role involves training staff on security awareness, so I’m always a little mindful of leading by example and making sure I don’t fall victim to one of these scams. I had an inkling almost immediately that something wasn’t right; a stranger messaging my private profile on a social media site asking to know more about me didn’t seem genuine, I had never corresponded with this person before, we didn’t share the same interests, they hadn’t joined groups I participate in. It all seemed a little strange to begin with.”
- I see you found his image online, tied to a scam. How did you work out that this was a scammer? “I’ve known about reverse image search for a while now, so it didn’t take too long to add the image and check the results.”
- Have you received similar messages in the past? “Yes, across a variety of platforms, including social media and also dating sites. The worrying aspect of this is that most platforms don’t require you to verify your photo by taking a selfie/live image. This means anyone could potentially use an image not relating to them and purport to be someone else.”
- Have your friends or family seen similar messages? “Friends have. Some have fallen victim to a scammer, too.”
- Would you say that you get more of these types of messages now than you used to? “Yes, definitely since post-COVID. It’s not just scammers using images of other people; there has been a significant increase in the number of posts on social media relating to a lost/found dog and asking for the post to be shared. The comment section is usually turned off, and the person who posted is a new profile and has posted elsewhere, but changed the location. Once the post has a sufficient number of people sharing, the scammer changes the content of the post, removes the photo of the dog, and adds a suspicious link – which typically suggests people can earn more money if they click the link. The link is usually a credential harvest, whereby the user is asked to enter their personal details. This can be used for identity theft. I’ve also seen similar posts, but relating to a missing child/vulnerable person. It’s shocking the lengths these scammers will go to, to steal your data.”
- What advice do you have for people who get messages from unknown contacts? “If in doubt, don’t give out your details. Always trust your gut instinct; if something feels too good to be true, it usually is. Reverse image searching is free and simple to do, and it takes seconds. Make sure your social media profile is private and be wary of the dangers of posting children’s photos. Scammers typically try to create a sense of urgency, such as offering you money/telling you someone has accessed your bank account, and that you only have a limited time to fix it. In addition, always ensure you apply multi-factor authentication (MFA or 2FA) to your accounts, and create a strong password by using at least three random words. Make sure you have different passwords for different accounts and store your password in an online password manager.“
A Long-Running Scam
With a little Facebook sleuthing, I found that people are still being scammed as recently as four weeks ago. Scammers use different names, including Edward Mason, Edwards Smith Mason, Kevin Mason, Keith Edward Mason, Vasquez Edward Mason, and Mark Mason. It’s not just limited to one platform, either. The scam has invaded Facebook, TikTok, Instagram, and even dating websites like Plenty of Fish. Worse still, the scammers are hijacking a real person’s photos. The guy you see in the photo above is supposedly aware of the problem. Even so, it can’t be nice to have your likeness used for a scam of this size. As far as I can tell, it’s been going on for well over a year. Fortunately, my friend is aware of the risks of social engineering attacks, and she sent the scammer packing. However, not everyone is so lucky or well-versed in cybersecurity risks. I found a bunch of unfortunate Facebook victims, including one who appears to have lost money to this scam. In 2022, the United Kingdom’s National Fraud & Cyber Crime Reporting Centre (Action Fraud) reported a cumulative £92 million loss to romance scams in a single year, and that’s just in the UK. In the United States, the FTC released figures recording a $304 million loss in 2020. Scary, right? Cybercriminals have clearly found that there are big bucks to be made from preying on people’s emotions. Romance scammers are succeeding in ripping off older users, which could be down to unfamiliarity with technology. The majority of victims were aged 50 to 59 years old. The second-highest number of victims were 40 to 49 years old, with the third-largest group being between the ages of 30 to 39. These numbers show a need for education on social engineering and romance scams.
How to Report a Romance Scam
Does this experience sound familiar to you? Perhaps you’ve been targeted by a scammer too, and maybe you’ve even handed over information. It’s always best to report romance and other scams to the relevant authorities:
Europe: Report the scam to the European Anti-Fraud Office. United Kingdom: Report the scam through Action Fraud by calling 0300 123 2040. You can also raise a report through Action Fraud’s website. United States: Report the scam to the Federal Trade Commission.
Exposing romance scams is important. While it may seem like a small offense, there are organizations whose job is to investigate and pursue those responsible for prolific romance scams. Remember, your report could help other people to avoid falling victim in the future.