Looking for Love in All the Wrong Places
It took Johnny less than 60 seconds to agree to pay the offender the $400 in exchange for a promise to delete the photos and drop their threat
"I desperately need your help... Can you talk?" This was the frantic text I received from an old friend while my son was at the orthodontist yesterday. Five hours later I was deep down the rabbit hole of romance scams and sextortion.
It all started when "Johnny Lee" got an ad on Instagram for a dating app called Duet. If you're like me and have been out of the dating game for the better part of the last two decades, you might be wondering—what's Duet? Me too, friend. Me too. Duet is a Tinder-like mobile dating app that matches users with mutual interests. According to their download page on the Apple App Store, they seem to pride themselves on keeping scammers off of the app. What they don't mention is that they're based in Hong Kong. That's buried deep in their Terms of Service.
As it turns out, Duet's anti-scammer claims are less than 100% accurate. Now, I won't go as far as to say Duet is definitely a honeypot for romance scams, but it's certainly an app I'm putting on the shelf for a little rainy day research in the future. A little over a week after starting on Duet, Johnny decided to buy a one-week subscription for the app's premium features. The next day he was matched with "Emily." Before long Emily suggested they get to know each other better on Telegram.
Before I go much further, I should clarify that Johnny is a single, divorcé who doesn't have the best dating record. He's ended up in more one than tumultuous relationship in the many years we've known each other, but bless his heart he just keeps putting himself out there and looking for love in all the wrong places. In what transpires below, I give him a lot of credit for having the courage to reach out for help when he did. Ultimately, he ended up transferring upwards of $9,000 in Bitcoin and Apple gift cards to his scammer, as well as providing them everything from his Social Security number to bank account access—all while under duress. Finding strength to stop and ask for help in the middle of that takes a lot.
Twenty minutes after Johnny first contacted Emily on Telegram she greeted him with small talk, an unsolicited selfie, and a request for a pic. In the realm of social engineering, this early gesture often creates a sense of openness in targeted individuals, as well as a feeling of obligation to respond in kind. While sitting in his home office, Johnny sent a tasteful photograph, which was met with immediate flattery and a request for his Instagram handle. In retrospect, the initial Instagram ad pushing Johnny to Duet, and his new love interest's immediate query for an Instagram handle may be nothing more than coincidence, but I'd be remiss not to highlight the anomaly.
Where Emily went next is not suitable for all ages, but recall that Johnny is a single adult in what he believes to be a consenting relationship with a woman he met on a dating app that prides itself on verifying its users. I was fortunate to marry before this new world of "dating on the apps," but I'm quite confident a random sampling of single adults would agree Johnny did nothing wrong.
Just as Johnny started in on his love of EDM music, Emily went in for the kill inquiring whether he liked "freaky babes," sending another unsolicited (but fully clothed) selfie, and suggesting they exchange less wholesome photographs. Johnny attempted to steer the conversation back towards the real world, but was quickly added to a Telegram Secret Chat, complete with self-destructing messages and a false sense of security—all within approximately 25 minutes of first contact on Telegram. Emily was a fast mover!
A little over an hour after joining the Secret Chat, Johnny received a new message from Emily back on main, except Emily wasn't Emily anymore. Emily was a man, and he was not very friendly. He would later claim his name was "Naymah" (phonetically, 'nay-mah' and spoken with a possible West African accent, though initial research did not reveal a correlating male name).
In addition to the below message, Johnny received a screenshot of a draft message tagging CNN, the BBC, his Instagram account, and a Google Voice number in a claim he had assaulted a minor and threatened her not to report the situation to the police. Now I don't have physical evidence of the conversation that took place in that Secret Chat, but the events that initiated it do not appear to substantiate this claim. What we have instead is a clear case of financial sextortion.
While Johnny is not the only consenting adult to be targeted by financial sextortion, the twist of accusing him of assaulting a minor is a somewhat unique hook used on adult victims who may be less concerned about the prospect of a few nudes leaking out on the internet. The prospect of getting entangled in an alleged scandal is enough to convince some adults that it may be easier to make a one-time payment to a nameless, faceless stranger on the internet. Unfortunately, there is no such thing as an easy fix in this situation.
It took Johnny less than 60 seconds to agree to pay the offender the demanded $400 in exchange for a promise to delete the photos and drop their threat of exposure. After a brief discussion over payment instruments, Johnny was instructed to load $400 onto Cash App and transfer it as bitcoin. Within 10 minutes, Naymah was attempting to increase the sense of urgency by calling Johnny via Telegram. Within 20 minutes, Johnny had initiated his first bitcoin transfer of $400, but his hopes of freedom were quickly dashed when Naymah informed Johnny he should have chosen the 'priority' transfer and would have to send a $400 iTunes gift card by email through the Apple App Store.
After an hour of attempting various methods including Apple Pay and PayPal, Naymah instructed Johnny to go to the store and buy physical Apple gift cards. (Sidenote: Is there any legitimate use for Apple gift cards anymore? I'd love to hear of a scenario where the utility of their existence outweighs the fraud they enable.) In an effort to keep stress levels high, Naymah set a timer on his phone and counted Johnny down as he walked to the store.
Ten minutes later, Johnny was scratching off the back of an Apple gift card and sending pictures to Naymah in hopes of being free, but his hopes were quickly dashed by a demand for another $1,500 in Apple gift cards. Shortly after 8pm, several stores later and six hours after getting started on Telegram, Johnny transferred the final Apple gift card needed to reach the additional $1,500 mark. Then he waited for confirmation...
Another eight hours passed. At 4:30 am Johnny awoke to the news that Naymah's "boss" was now aware of the situation and demanding Johnny pay an $800 "settlement fee." By 6am, Johnny met the demand with bitcoin, only to be informed the "manager" now wanted another $1,000. By midday, Johnny had met another demand, only to have the stakes raised yet again. Now it was $3,000 due in two payments—$1,500 by July 23rd and another $1,500 by August 6th. Johnny was broke, and Johnny had a child to think about.
Over the next week, Naymah peppered Johnny with demands, while also conditioning him into a rapport-building cycle. First, Naymah required Johnny check in twice a day, eventually agreeing to a once-a-day check-in at 6pm. Then, Naymah intermittently demanded small bitcoin payments he claimed were for marijuana. The conversation included memes and music preferences. After a week, Naymah sent $400 to Johnny's Cash App account, and said he needed it converted to bitcoin. Naymah was upping the stakes from simple extortion to money laundering.
By July 20th, Johnny had begun saving up enough to make his next payment, when Naymah raised the stakes yet again. Only this time Naymah wanted access to Johnny's maxed-out credit card account, claiming that he would pay down $5k-$10k of the balance before requiring Johnny to then withdraw additional funds from the account and transfer them back to Naymah. Johnny relented—providing login credentials and a photograph with the card details.
Naymah transferred over $9,000 to pay down the balance of Johnny's credit card before demanding Johnny begin purchasing Apple gift cards with the credit. Johnny complied by sending back another $2,000 in Apple gift cards, while also meeting his initial $1,500 payment requirement and starting on what he hoped would be his last $1,500 payment. Meanwhile, Naymah's remaining ~$7k was still pending and taking longer to release than usual.
On the afternoon of the 22nd, Johnny got another disturbing string of demands. Naymah wanted Johnny's driver's license, social security number, mother's maiden name, and the rest of his banking information. Johnny felt sickened, but he was in too deep. The stress was overwhelming. Johnny provided the information, and Naymah logged into Johnny's primary bank account. It was locked immediately.
Naymah assured Johnny he could call the bank and get the account unlocked. Johnny tried but the bank wanted to know the make and model of the phone used to login. Johnny asked Naymah. Naymah didn't want to answer. The account stayed locked. Naymah had already allegedly made a transfer of over $4,500 into the account. Naymah was pissed. There was nothing Johnny could do, but contemplate who he could go to for help.
After Johnny and I talked, Johnny called his banks and the three major credit bureaus to explain what had happened and let them know he had now also been the victim of identity theft. The banks' fraud departments began their investigations into Naymah immediately, while also helping Johnny re-secure control of his accounts. The credit bureaus helped Johnny place freezes on his credit, effectively preventing Naymah from using Johnny's identity to open additional fraudulent accounts.
Ultimately, the money Naymah transferred to Johnny will likely be seized by the bank, as it almost certainly was fraudulently acquired by Naymah from other victims in similar situations. By my calculations, Johnny was transferred approximately $9,625, plus taxes and fees, in bitcoin and gift cards before he reached his breaking point. Compared to other forms of romance scams, this is on the low end, as losses sometimes end up in the hundreds of thousands.
At the time of writing, Naymah is still sending threats on Telegram, but has not yet followed through. Eventually, he will likely post something, but he knows that when he does he loses his leverage—and well over $10,000 in funds transferred into Johnny's accounts. Johnny is still pretty stressed, and worrying about the many what-if scenarios involving Naymah trying to recontact him. He has some solace in knowing that his bank accounts and credit are secure again, but healing takes time.
Johnny asked me to draft this blog for him to preempt any future claims Naymah may make in relation to Naymah's sextortion scheme. I agreed because I believe there's value in sharing Johnny's experience for others to learn from. If you find yourself in a similar situation, or if you're already well down that path, I'd urge you to seek help.
You can call 1-800-CALL-FBI for help, contact your local FBI field office, or report online at tips.fbi.gov. You can also seek assistance through your financial institution's fraud department, or reach out to a trusted adult if you'r under age.
Indicators of Compromise
The following indicators represent accounts used by Emily/Naimah during the course of their fraudulent activity:
- Bitcoin address: 1Ajt8f2Cefp35KFYfZQa62MTdMT3nge62z
- Telegram username: [at]lisakeeloree
- Telegram UID: 7119740421
- Email: hiynrmia[at]gmail[dot]com
- Phone number: +13046275202