So far, romance scam victims have been incredibly lucky in one respect.

Yes, they have lost much to the scammers, but the scammers were focused on a one-dimensional attack. A straight on manipulative attack to gain money.

However, what comes with vast amounts of money?

As we have seen with the Drug Cartels – with endless streams of money comes incredible sophistication:

  • in organization
  • in infrastructure
  • and battlefield techniques

Today’s Drug Lords are a government in and of themselves, and their “army” is equal in strength to the Mexican Army.

Now think about the Nigerian Scammer Cartels? Billions pour in every year. Are you still thinking these are just poor men sitting on the floor with a beat up old laptop?

Nigerian and other West African cartels are growing and maturing FAST! They now include one of the world’s fastest-growing hacker forces (not what you call a hacker – but real cyberwarfare level hackers).

They have moved from the cheap trick scams of 419 and other scams to more sophisticated BEC scams and are now fully engaged with all manner of phishing scams impersonating big businesses and even governments.

However, we have just seen the first examples of something truly frightening.

Malware delivered through romance scams that will permanently grant the scammer access to the victim.

We expected attackers will find new methods of luring victims through malvertising (malware delivered through advertising clicks). But this is more in the form of Trojans that infect the scam victim’s phone or computer to prevent blocking of the scammer. Thus, giving the scammer a more permanent way to reach and rescam victims.

Exactly what methods this will be will evolve, but it will include keyloggers that trap logins and passwords so the scammers can “take Over” a victim’s accounts and use them to launch scam attacks against friends and families in the victim’s name.

It will also, likely include Bank Account takeovers to drain funds without having to ask for money – bank to bank – through MULES or direct.

Considering the geopolitical climate, we can also expect information theft to continue through the use of surveillance software, as well as via attacks leveraging non-public exploits.

Additionally, we expect to see more worms and other commodity malware that can spread rapidly from the victim’s own devices – thus making them unknowing accomplices.

This is the real impact of victims’ failure to report scammers. Governments for too long ignored the problem because it was not large enough to be worth the investment of time and energy. Now it is too late, and larger scale measures need to be taken.

Unfortunately, this will be a lay down for the scammers, since most victims refuse to share the knowledge they have gained due to their own embarrassment. Between not reporting these crimes, and not sharing the knowledge, everyone else is at risk.