Scams targeting military members (and even their families) shouldn’t be a primary concern considering the sacrifices they already make for their country. Unfortunately, the droves of instances we see and the reports that come in daily paint a different picture. In fact, the number of identity theft reports from service members is much higher when compared to non-military consumers. From 2017 to June 30, 2021, the FTC received over 800,000 consumer reports from service members, including veterans, active duty, reservists and their families. Total losses tally up to $822.1M, with 420,697 of these reports related to fraud. According to the FBI’s 2020 iC3 report, 12,827 government-specific impersonations alone were reported – an increase of nearly 40 percent since 2017. When it comes to military romance scams, in particular, a threat actor often poses as a service member in online dating forums (or otherwise) looking to build a trusted relationship. Once a victim is hooked, soliciting money for various service-related needs begins, ranging from transportation, communication, and medical expenses to marriage processing fees.
Providing digital protection to high-risk personnel in the military in 2020, ZeroFox took down 40,000 impersonated social media accounts. That number has increased exponentially year over year since 2017, up from less than 1,000 takedowns.
A government official source confirmed, “this area is growing at a very fast pace, particularly in the area of romance scams where you can see significant increases in those reported to the FBI over the past five years.” The data mentioned is just a slice of the bigger picture, considering how many incidents occur without being reported. It’s a safe bet these numbers are much larger in reality and will continue to grow as threat actors evolve their tactics.
With numbers like this, you might be asking: Why are cybercriminals targeting the military in the first place? Reasons began to surface as far back as 2016 when the ZeroFOX threat research team did some digging (you can read the full report here to see how these trends carry over into today’s threat landscape). “While these criminals target everyone, corporate executives, celebrities, financial markets, government employees and military service members alike, the impersonation of military members provides a certain level of veracity and flexibility to their scam,” said our government official. In other words, the military community provides common social engineering protocols that are easily researched and broadly applied to individual victims.
Identifying a Military Romance Scam
The role service members play in defending our nation inspires emotion that is easily preyed upon. While many impersonation scams occur on social media, online dating sites prove to be another effective scamming platform. Our government official went on to say, “using tactics such as stating they are currently deployed, stuck overseas, do not have money to pay for a plane ticket home or need money for medical expenses all play on people’s emotions.” This is especially true for those who believe they are communicating with a “match” from a dating site.
People of every gender and age pursue romantic opportunities online, but in general, most tend to place a higher degree of trust in someone wearing a uniform. “Most victims are women who have been swooned into an online relationship,” said our government official. “According to the 2020 IC3 stats, there were 23,751 reported victims with a combined loss of $600,249,821. That’s a staggering number. We are talking about an average monetary loss of $25,272 per victim, without taking into account the emotional loss to the victims.”
On the flipside, threat actors use fake dating profiles to lure or “catfish” service members. Again, once a scammer establishes the relationship, they will move to request funds. In this case, it is usually under the guise of costs to travel or as a plea for financial help in a staged emergency. For the scammed service member, the losses resulting from being involved in a romance scam are both emotional and financial in nature. Equal or perhaps more impactful is the loss of reputation. For military officers and senior officials, the loss of reputation can often tarnish a lifelong career of dedicated public service.
Adam Darrah, ZeroFox Director of Intelligence Services, has investigated this growing threat and discussed his findings on Federal Drive with Tom Temin. “[Threat actors] spray a lot against the wall to see what sticks so they’ll approach a military person on social media as well.” Darrah went on to describe the level of detail that can be collected with just a little bit of research. “[Our military members will post] their pictures [and even] where they’re living. Bad guys [will use this to befriend and] take advantage of [those] away from loved ones and use that as a vulnerability — as a front door, a cracked open little door as an entry point. In the government circles, we call it a vulnerability and not in a negative sense. People prey on these vulnerabilities. Next thing you know, they’re asking for money, they’re asking for favors, gift cards. It could be anything.”
Steps to Protect and Defend
Romance scams are just one of many ways threat actors use social media against military members. Others include, but are not limited to, exploited digital IDs, disinformation, identity theft leading to fraud, as well as military entity and organization phishing attacks.
Darrah also shared his thoughts on what military members experience and the importance of reaching out for help. “The military, to its credit, has lots of resources available. For example, they have a military consumer site, there’s an FTC identity theft page for military members to talk to, you have your commanding officers to talk to. My main message would be, we’ve all been there. We’ve all been tricked. We’ve all been duped. Don’t be shy, don’t be ashamed.” Darrah went on to say “the most important thing any military member can do, if something doesn’t feel right, talk to somebody about. Talk to somebody with authority, or with expertise in this area. There’s a lot of help out there for military servicemen and women. Each branch of the military has its own support system to take care of you. We’ve even seen some financial institutions refund you from being scammed. So please don’t be shy. You’re not alone.”
My main message would be, we’ve all been there. We’ve all been tricked. We’ve all been duped. Don’t be shy, don’t be ashamed.Adam Darrah, ZeroFox Director of Intelligence Services
There are several ways both military organizations and individual military personnel can fight back and keep themselves and their families protected. The first step to protect against any form of cyberattack is awareness. This applies equally to individuals, their families and organizations needing to protect employees, executives and those they serve. Download our whitepaper “Impersonation Warfare: Top Military Scams and How to Avoid Getting Caught in the Line of Fire“ to uncover the top scams facing the U.S. military as well as steps that can be taken to ensure increased protection for what’s already at our doorstep and what’s to come.