This one is a bit personal. I have been under a targetted grief scam attack for about a month, now, although the early stages of it started a little over two months ago, and the origin of the whole process now dates back almost five months. My colleagues in security are finding this hilarious, of course, and have encouraged me to continue the contact, for research purposes.
In that regard, it has been somewhat useful. At the very least, it has pointed me to the use, and utility, of the concept of "
frictionless" as a characteristic of conversational style that can be used, surprisingly early in the process, for identifying some contact as a scam, or potential scam. In addition (and somewhat relatedly), I have been intrigued at the (mostly indirect) connections between the research into online scams and frauds, and my research into the risks of the new generative artificial intelligence systems.
(At the very least, the next time I do a series of seminars or workshops into protecting yourself against online scams and frauds, this incident is going to take up and entire episode.)
Background: the Widowed Village organization (associated with Soaring Spirits International) has a "pen pal" offering. (Someone asked if Widowed Village is, itself, a scam. I doubt it. They do seem to have taken steps to protect their members, although those steps seem to be insufficient. I believe the organization is honestly wishing to do service to those in distress, although, as with
all too many such, I wonder if they have put enough effort into ensuring that their services are actually helpful, or sufficiently address the possible risks.) I've been "matched" with six pen pals, only one of which has continued beyond two transactions (one stopping immediately after a mention of my research into
grief scams). However, I've noted that he (all the matches seem to be the same gender, presumably as a minimalist protection against romance/grief scams) hasn't really said much about himself, although he always commended me on being so honest and open.
"Edmund" is 49 and has an 18 year-old daughter who means the world to him (but whom he never otherwise mentions). I told "him" a lot about myself (including the fact that I was a security expert), and even more was available in my blog. "He" was always appreciative. The only thing he really mentioned about himself was a major road-building contract coming up in the Middle East, which needed investment. (Hey, I'm a professional paranoiac. At this point I'm starting to see signs of a potential scam. But I keep going.)
So, after eight transactions back and forth, today I received:
***
Meanwhile, I met a woman here in Turkey who is in her early 60s. She’s a gemstone trader and is currently facing a difficult situation. She came to Turkey to purchase some gemstones to bring back to the United States but was held at the airport for not having the required export license. Now, she’s facing the possibility of a four-year jail sentence.
She explained that she has a trust fund left to her, which she needs to claim in order to get the finance needed to resolve her issues. The trust has a mandate that it must be claimed with a man present in her life. She is a widower, and I want to be clear that I cannot get involved with her personally.
Would you be interested in communicating with her or offering any assistance?
***
1) Hands up those who think that this is a variant but fairly classic grief scam, with an initial approach by someone presenting as male to get around the system's grief scam protection, and then redirecting me to the scam?
2) Hands up those who think that this guy is, himself, as a widower, being grief scammed, and I should warn him?
3) Hands up those who think that I have let my professional paranoia run away with me, and I am throwing away a golden opportunity to meet, aid, and fall madly in love with this age-appropriate and wealthy woman who needs my assistance?
Anyway, I carried on, although I did note that neither gem trading nor legalities were my specialties. (OK, I lied a bit about not being familiar with the law.) Now, at this point, "Edmund" seems to get impatient, and (as I had asked him about his daughter) seemed to mess up his response:
***
My daughter is doing well, and I plan to see her when I leave Turkey. I hope you might have the chance to get to know each other. I know she is looking for a trustworthy man to help her with a power of attorney so she can have easier access to the trust fund left for her.
***
So I messed with him a little on that score, but kept going. However, by this time I had also alerted Widowed Village, and they had started an investigation, so I suspected that that scared him off.
Oh, but wait! Before he disappeared, he gave my email address to "Debra." In "her" second message to me, "Debra" noted that "she" was keeping an open mind as we get to know each other as life has taught "her" that meaningful connections often begin with simple conversations, and "she" looks forward to learning more about me. Outside of work, "she" enjoy simple pleasures. "She" likes taking walks, listening to good music, reading, and spending quiet time reflecting or enjoying nature. "She" also enjoys travelling when "she" can, trying new foods, and having relaxed conversations with good company. "She" values honesty, kindness, and a good sense of humor. (I note that this seems to be copied directly from "How to Write A Generically Attractive Dating Profile in 25 Words or Less.")
My colleagues have been interested enough in this tale to ask me to continue the conversation, so I'm updating the progress of the scam here in expanding this posting over time.
"Debra" had been quiet for a couple of days, and I was wondering if "she" had twigged to the fact that I know that this is a scam. But today she sent me a picture! (Of a woman who, five years ago, was running a vintage fashion business.) She also responded to my email, praising everything that I wrote--and saying almost nothing about herself.
In her most recent two messages, "Debra" has included additional pictures with each. I'm learning more about Google Lens and the reverse image search capabilities, but the additional pictures provide little to go on. The pictures could be of the same woman, but, given the "similar" pictures that Google pulls up, they could just be "blonde woman, older but still socially active and visiting the hairdresser quite regularly."
I'm falling down on the job: I should be posting more analysis of the content of the emails. The primary characteristic is "
frictionless." The emails are as polite (and pretty much as content-free) as a conversation with a genAI chatbot. (It is not beyond the bounds of possibility that an AI tool is involved.)
This issue of "friction" in relationships, or "frictionless" conversation, is originating with regard to generative AI, and conversing with chatbots. But it seems to be a useful characteristic in regard to identifying scams. Ordinary relationships have friction: disagreements between the parties to the relationship. Chatbots are primarily built to be polite, and to seldom directly challenge the person they are conversing with, and so the discussions are tending to be described as frictionless. The same characteristics tend to show up in conversations involved in scams.
So, lets examine some of "Debra's" emails to me.
In one of her first extended messages to me, "Debra" said:
"Thank you for your thoughtful message. I truly enjoyed reading it …. you write in a way that makes it easy to picture the moments you describe."
This is vaguely complimentary, but really pretty "content free." As I noted in my experiments with getting genAI to
write a bio for me, you can't really challenge any of it, but you can't prove it, either. It is neither true nor false, and generally pointless.
" [...] interest in minerals as a boy made me smile. It is wonderful how childhood curiosities sometimes shape a lifetime’s work. Perhaps one day you will tell me what some of his favorite finds were. As a mineral geologist, I have always found it fascinating how ordinary stones can hold extraordinary stories."
This seems to have some content, and even a personal connection, but, if you examine it closely, you'll note that it has neither. I subsequently asked "Debra" about the comment about "ordinary stones holding extraordinary stories," and got no response.
"Debra" seems very keen on travel.
"Your life as a teacher and traveler sounds rich with experience. I understand what you mean about business travel losing its romantic shine after a while, though I still try to appreciate the opportunity to see different cultures and landscapes. Istanbul itself is a city full of history and contrasts, and being here has been both interesting and rewarding for me."
While "she" doesn't directly challenge my reluctance to travel, "she" does keep on pushing me to be more open to it. I'm not sure why. If all they want is for me to send money, why do they need me to travel? They may, of course, have a fixation on one of the variations on the scam that relies on getting the mark to travel in order to more firmly establish the investment and connection.
"I was touched by what you shared about Gloria. Four and a half years is not such a long time when someone has meant so much in one's life. Loss changes many things, sometimes in ways we do not expect … even the simple pleasure of reading. I admire your honesty in speaking about grief and depression. It takes strength to keep moving forward while carrying those experiences, and I respect that very much."
Once again, while this is vaguely complimentary, it's also pretty banal, as far as talking about the massive changes that bereavement makes in your life.
"You sound like someone who has lived a full and thoughtful life. I especially admire your dedication to teaching and mentoring others. Preparing security professionals for certification for so many years must have allowed you to influence many lives in meaningful ways."
Again, vaguely complimentary, but, when you examine the text in more detail, lacking actual detail or real connection. Later on "she" mentioned having a husband who died, and, if so, "she" would have a much greater understanding of grief.
"As for me, geology has been more than a career …. It has been a way of seeing the world. I have always enjoyed working outdoors as well as studying minerals and formations in the laboratory. Even now, I still feel a sense of excitement when I encounter a new rock formation or mineral specimen. My work has taken me to several countries over the years, and I believe those experiences have shaped me into a patient and adaptable person."
Much less detail than I would expect in regard to a fulfilling career, or even an important hobby.
"On a personal level, I am a calm and thoughtful woman who appreciates meaningful conversation and companionship. I enjoy quiet evenings, good music, and occasional outings. I also value connections and simple moments of happiness. With age, I think I have learned to appreciate peace of mind and genuine kindness more than anything else."
As previously noted, a pretty vague and generic piece of text that could be taken from any dating site profile.
"I hope your upcoming classical music concert goes well …. It sounds like a lovely event. What kind of classical music do you enjoy most? Do you have favorite composers or pieces that you return to again and again?"
In other messages, "Debra" notes that music is important to "her." So why does "she" say nothing of her own favorite composers, or style of music? Of course, "she" wants to know *my* favorites before she commits to any herself.
"I am glad we have begun this conversation, and I look forward to getting to know you better."
Generically complimentary.
This is getting to be mind-numbingly boring.
First off, it's fairly obvious that "Debra" (and probably "Edmund" before her) really aren't paying attention to what I'm writing. I'm not exactly hiding the fact that I'm a security expert, and my sigblock currently contains a reference to a series of postings on online frauds and scams (of which series this posting is a part).
As noted elsewhere, the frictionless nature of the messages that "Edmund" or Debra" write raises the suspicion that the scammer is using some kind of genAI tool to generate their responses. The messages, as noted above, are pretty content-free. As a test, I took one of the messages that *I* sent, asked a few chatbots to create responses to them, and got results that, while not word-for-word identical, were, effectively, basically the same. I suppose I should save time by simply having a chatbot write my responses to "Debra."
Today "Debra" moved into the next stage of the scam: The Problem. Actually, "she" was still pretty coy about what the problem actually is, but "she" introduced the fact (previously alluded to by "Edmund") that "she" is the beneficiary of a trust fund, but there is a condition that she has to be in a relationship or engaged to someone. (I'm not sure how you can be engaged but not in a relationship, but ...)
As I noted, above, I'd been thinking about reducing the load of continuing this by getting AI to write my responses. Interestingly, Claude and Qwen refused, noting that "Debra's" messages showed signs of being part of an online scam, and warning that I should end the correspondence. However, ChatGPT, Meta AI, and DeepSeek were all happy to comply, with no warnings of the danger. Meta AI's was the friendliest. (ChatGPT noted that I wasn't in any position to help.) I stitched together bits of all three to compose my reply.
OK, we seem to be getting near the endgame. "Debra" is introducing me to a "lawyer," identified as Sousa Darius sousa@sousaschamber.com. There does seem to be a sousaschanber domain and Website. Very bland and uninformative, providing only a function for you to send them your contact details. The Website is less than a month and a half old. They list quite a variety of specialties. So many that I'm surprised that they only have five hundred (plus) satisfied customers! (Then again, that's quite a lot, if they really are only a month and a half old.) They list an office in Vienna. Unfortunately, lawyers have to be registered in Austria--and they aren't.
("Debra" also seems to have decided that I have Germanic background, starting off the message with "Thank you so much, Hun" and ending with "Thanks again, Hun.")
Actually, yesterday, just after I got "Debra's" message, we had a fairly massive power outage here. And then some power restoration stumbles that put responding to scammers at a low priority. So I was able to use that as an excuse when "Debra" got very nervous (panic-stricken?) that I hadn't responded immediately.
I was a bit surprised at how fast things were ramping up. As well as addressing me as "Hun," "Debra" wanted me to introduce myself to the lawyer as her fiancee. Our relationship seems to be progressing by leaps and bounds! But then, after all, we *have* known each other for an entire nineteen days!
Well, from addressing me as "Hun" and fiancee, "Debra" has jumped back several rungs on the familiarity ladder. Without skipping a beat, mind you. She still expects me to contact the "lawyer" and somehow be involved with a power of attorney.
The genAI/LLM chatbots have *really* let me down. I asked them (well, the three remaining ones that didn't refuse last time) to respond to the latest message. ChatGPT did provide a response, but it contained a pretty flat "no" as far as being involved in anything legal. That's probably safer, for the general public (although ChatGPT missed the boat on that last time), but, for my purposes of trolling the scammers, it isn't very helpful. Meta AI and DeepSeek are all in, eager to get involved with the lawyer and get on with being scammed!
But then I realized that I wasn't being fair to the chatbots. When I added a note to the effect that I realized this was a scam, but wanted to continue (short of sending money) the bots were more helpful. (Well, except for Qwen. Qwen still feels that this is a really bad idea, and wants me to report the scam. Rather ironically, to the US FTC.) (Oh, and, even when informed that this is a scam, Meta AI is still all in, and wants me to hurry up and get involved with a possibly criminal power of attorney.) ChatGPT provided a reasonably and suitably cautious reply. Claude's reply was better, and more specific, and included and extra warning to be cautious. DeepSeek was complimentary, and congratulated me on my approach, as well as ending with some warnings. The reply itself was a bit weak, and it seemed to get confused about just who had had the power outage, so that wasn't terribly useful. I'll probably use a combination of ChatGPT and Claude, mostly Claude.
And, I've sent an initial message to "Sousa."
Oh, and thanks to John Glover for the idea for Scambusters:
OK, this "lawyer," "Sousa," is *really keen to get started. "He" replied, at 2:30pm New York time, or 8:30 pm Vienna time, on a Saturday, wanting to get started.
The thing is, his entire message is:
***
Dear Robert,
Kindly provide a phone number and convenient time to reach you, This will allow us to discuss more efficiently.
Please let me know your preferred time for a call at your earliest convenience.
Thank you for your cooperation.
Regards,
***
That's it.
As it happens, I have contracted with lawyers. Quite a bit. I have never had an email message like this from any lawyer, ever. No header advertising the company. No footer with a disclaimer stating that if you have received this message and are not the person to whom it was supposed to be addressed it was not the fault of the law firm and in fact *you* are in violation of intellectual property and privacy laws.
And, despite the total lack of content, it hit the spam filter. I'd say that sousa@sousaschamber.com has a pretty bad reputation, for some reason.
Phone call March 14. "Sousa" said that a phone call would be more efficient, but this was possibly the least efficient communication I've ever had with anyone. "Sousa" has a Black or possibly Chinese accent? "Sousa" doesn't know that Europe is not a country, but we eventually establish that Switzerland is the jurisdiction for the estate and the will. The power of attorney document not available until "he" prepares and presents it to me. (This guy is the vaguest, and most non-specific lawyer I have ever dealt with, and I've dealt with a number of them.) "He" is going to send a "client information document" to me, for me to fill out. (Sending me that document seems to be taking a while, so I'm not sitting by the computer and waiting for it.)
"Sousa" finally sent me the client information form--as a jpeg. I asked if I could just send "him" the information in an email, and for some reason that is a problem, so "he" is going to send another form on Monday, when "he" is at the office. (His phone is also some low-grade VoIP thing, and it's really hard to understand him, between the lousy audio and the thick accent.)
I'm not sure how much longer I can keep this up, nor how much value there is in continuing.
1. Both "Debra" and "Sousa" (probably the same person) are really pushing for a quick resolution. I had two phone calls with "Sousa" on Saturday, and now "Debra" is pushing for phone calls. I know that "instilling urgency" is one of the standard social engineering tricks in scams, although romance and grief scammers are usually more patient.
2. This (these?) scammer(s) seems to be thick as two short planks. I know that some people would be taken in, despite the egregious errors that they are making, but it's getting hard to take them seriously. It also means that I doubt there is much to learn from this scam, since it doesn't seem to be being conducted by anyone with any creativity or innovation.
3. I'm not sure about giving them my information for a "power of attorney." I don't think they could do much in terms of identity theft, but I don't want to give them too much more than I already have.
4. I'm not sure that there is any point in continuing in the hopes of catching them. I don't see much of a way to get more information with a view to identifying them.
"Sousa" has just provided further evidence of incompetence. He has sent a PDF of the client information form. Not a fillable form: just a PDF copy of the JPG.
I think I'm going to tell "Debra" that there are strong indications that he is *not* a properly registered lawyer, but probably an incompetent boob of a scammer, and that she should immediately contact a true and qualified Swiss lawyer to look into matters for her, since I'm sure that "Sousa" is out to scam "her" :-)
So, here was my reply to "her":
I hope this message finds you well, Hun.
Actually, Debra, I have to say that I am becoming increasingly concerned--for you.
I wanted to provide you with some important information regarding the power of attorney related to my uncle’s estate and the current situation I’m facing here in Istanbul.
I'd like to know more about the situation that you are facing in Istanbul, but I think that, first of all, I really need to direct your attention to a problem with Sousa Darius. I have had a few email messages from him, and a couple of phone calls, and I am seriously concerned about your connection with him.
I deal and contract with lawyers frequently, and his email messages are *not* characteristic of those from lawyers. In trying to get me to provide some information for the supposed "power of attorney," he has demonstrated complete technical incompetence in some of the most basic areas. In addition, there is a Website for a law firm under that domain name, but, despite the claim of thirty years' experience, the domain name was registered less than two months ago. The only address for the law office is in Austria, but in Austria lawyers *and* law firms are required to be registered and certified, and there is no lawyer *or* law firm registered in Austria under those names. The Website, if read carefully, demonstrates a complete lack of detail that could be used to verify any of the claims made. There isn't even a listing of biographies of the legal staff who are members of the firm.
In short, I am absolutely convinced that "Sousa Darius" is a fraud, and that you may be in danger by having any legal affairs handled by him.
The power of attorney will authorize you to act on my behalf in certain matters, specifically in accessing my uncle’s estate. This access is crucial as I need funds urgently to address some pressing issues here. According to my uncle’s instructions, this power of attorney will allow us to have co-signature authority over the estate, effectively giving me the access I require to manage these matters.
My uncle’s condition for this arrangement was that I be in a relationship with someone who is well connected with me and who would also act as a co-signatory to the entire estate. The estate is governed by Swiss law, and Sousa is both the executor and the lawyer handling these affairs.
Before going any further, with *any* of the many legal issues involved, I really, and most strongly, urge you to immediately find a valid and competent lawyer, registered in Switzerland, since that is the jurisdiction for both the estate and the will. Get the new lawyer to look into this "Sousa Darius," *and* the will, and find out what the real story is.
I know that this will be most upsetting, and particularly with all the other issues that you are currently facing (and I *do* want to know more details about them), but trying to get anywhere without resolving this "Sousa Darius" issue is bound to result in, possibly very serious, problems.
Rob, I want to be open with you….I would not have asked anyone to do this on my behalf under normal circumstances. However, given the situation and the difficulties I am currently experiencing in Istanbul, I need access to the funds urgently, and this is the only viable way to make that happen. I truly appreciate your willingness to help me with this.
Also, I think our communication via email can be slow and might delay important decisions. Please send me your phone number so I can communicate with you for real-time communication.
I would dearly love to speak with you! I know that being able to tell your troubles to someone (even someone as distant as I am) can be a comfort, even if it is not a direct assist. My phone number is +XXXXXXXXXXXXXX. Unfortunately, I have to leave for a meeting shortly, and I won't be back home until about 3 pm, Pacific time. (That would make it 11 pm or midnight, your time? That might be too late for you to stay up.) On Tuesday, I would be available before 11 am, before I have other meetings.
Also, while I would love to provide a shoulder to cry on for any topic you wish, in regard to the details of the legal issues, I think we should stick to email messages for those areas. The very slowness and delay of email messages is in our favour in those areas, since it forces you to slow down and think clearly about the problems, and what the solutions might be. Letting urgency take over tends to make you fixate on a given course of action, rather than finding new and creative alternatives that might not be immediately obvious when you are rushing towards an immediate solution.
Thank you again for your support and understanding.
Always. Glad to be of any help.
"She" didn't call last night, and "she" didn't call this morning, so I think that, as unaware as the scammer seemed to be, they probably finally got the message.
I *really* thought that would be the end of it, but apparently not. "Debra" is taking my concerns seriously and is looking into the issues that I raised about lawyers and registration. "She" thanks me for looking out for her!
To be continued? Yet again? ...
Online scams, frauds, and other attacks (OSF series postings)
Grief table of contents and resources
