Written by Jeff Stone May 15, 2020 | CYBERSCOOP

Gen. Paul Nakasone, the director of the National Security Agency and head of U.S. Cyber Command, is a busy man.He oversees vast, technical surveillance efforts in the U.S. and abroad, while also commanding a military outfitcharged withlaunching cyberattacks.

Emailing random women from an outpost in Syria is probably not on his to-do list.

So when, Susan, a woman from the New York City area, started receiving correspondence from a Paul Nakasonethis week, she wondered why the self-proclaimed head of U.S. Army Cyber Command wastrying to flirt with her.

I Googled this guy and Im like, Are you kidding me? Susan, who asked to be identified by only her first name, told CyberScoop. And it was very flirtatious, but Im a married woman.

Susan ultimately realized, that, no, she was not talking to the real Paul Nakasone. She and her friend were actually dealing with scammers who were posing as top U.S. military generals in what looked to be the early stages of a romance scam.

Heres how it started: On May 12, a Facebook account under the nameGeorge Lyons commented on a public post Susan made about the musical Hamilton. The George Lyons account was populated with photos of Gen. Stephen Lyons, the current commander of U.S. Transportation Command. Susan saw that the account had also reached out to Susans friend, Cindy. Susan and Cindy started chatting with Lyons on Facebook Messenger, hoping to get the general and his troops to correspond with elderly residents in the health care facility where Susan is employed.

The conversation quickly steered toward Lyons trying to get Susan to send Nakasone an email.

[Lyons] said [Nakasone] was a widow and he needed some company, she told CyberScoop. (On his official biography page, the NSA says the real Nakasone is married and has four children.)

After sharing her email address with Lyons, Susan received an email from a Gmail address from someone claiming to be Nakasone.

The Gmail user masquerading as Nakasone claimed to be in Syria, where he spent his days on patrol and doing some paperwork. He also inundated Susan with religious messages and requests to download Google Hangouts so they could correspond further. When Susan asked the apparent general why he preferred to chaton Hangouts, he responded by blaming rebels and the Taliban for trying to dent my image.

When Susan pressed for evidence that she was talking to the real Nakasone, the account replied by citing his military background.

What is wrong with you.dont you have regard on my reputation, said a message sent Thursday. I also serve as the United States Army Cyber Command [sic]. So I see no reason why you are still saying rubbish Susan.

Meanwhile, Cindy was corresponding with a similar account, claiming to be Stephen Lyons. The emails were of a similar nature: flirtatious messages and requests to download Google Hangouts.

Susan alerted CyberScoop about the Nakasone email address after being unable to contact Facebook about the Lyons account.

The effort appears to be the early stages of an attempted romance scam, in which fraudsters from around the world pose as possible love interests, then request personal data or money from unwitting participants. Often, scammerscreate personas withU.S. military details to generate trust or sympathy in a would-be victim.

More than 19,000 Americans reported such crimes in 2019, resulting in more than $475 million in known losses, according to the FBI. U.S. prosecutors recently charged 10 people from Nigeria with a scheme in which they would ask Americans first for smaller items, like gift cards, then increase the size of their requests as the relationship evolved over email and Google Hangouts. One victim sent $201,000 to a Nigerian suspect before realizing the effort was all a fraud.

In this case, both Cindy and Susan said they were too suspicious to send money or provide any revealing personal information.

In the hopes to scare off the scammer, CyberScoop fed Susan some fodder to mess with the fake Nakasone. We asked her to get the general to clarify his position on Title 10 v. Title 50, a deeply wonkish legal debate over what part of the government has the authority to carry out cyberattacks.

As it turned out, the fake Nakasone knows how to Google for a response. His reply, according to the U.S. military website from which it was lifted, was largely accurate.

Okay let me see, the account said. TITLE 10 is commonly used to refer to day of defeat and to articulate the legal basis for military operations while TITLE 50 is referred solely to activities conducted by the central intelligence agency is at best, inaccurate as the secretary of defense also possesses significant authorities under the TITLE 50.

Both Gmail accounts were still active at press time. When reached by CyberScoop, the person posing as Stephen Lyons respondedwith, I am sending my troops to get you, I will also make a contact for the FBI to get you[.]

The full reach of this campaign, and whether the same fraudsters also posed as other U.S. military personnel, remains unclear.

Facebook removed the George Lyons page almost immediately upon notification from CyberScoop.Google did not immediately respond to a message seeking comment.The NSA did not provide comment. In a statement Monday, a U.S. Transportation Command spokesman said the military outfit routinely reviews social media for fake accounts, and reporrts them to companies roughly 15 to 20 times each year.

As to why the women corresponded with the accounts in the first place, Cindy told CyberScoop the laws of attraction come before good cyber-hygiene.

Im single, and my eyes are always open, Cindy said. If I see a good looking guy in uniform, Im probably going to click.

Update, May 18, 1:44pm ET: This story has been updated to include a response from U.S. Transcom.

Go here to see the original:

Someone is trying to catfish women by pretending to be Paul Nakasone - CyberScoop