Gen. Paul Nakasone, the director of the National Security Agency and head of U.S. Cyber Command, is a busy man. He oversees vast, technical surveillance efforts in the U.S. and abroad, while also commanding a military outfit charged with launching cyberattacks.
Emailing random women from an outpost in Syria is probably not on his to-do list.
So when, Susan, a woman from the New York City area, started receiving correspondence from a “Paul Nakasone” this week, she wondered why the self-proclaimed “head of U.S. Army Cyber Command” was trying to flirt with her.
“I Googled this guy and I’m like, ‘Are you kidding me?’” Susan, who asked to be identified by only her first name, told CyberScoop. “And it was very flirtatious, but I’m a married woman.”
Susan ultimately realized, that, no, she was not talking to the real Paul Nakasone. She and her friend were actually dealing with scammers who were posing as top U.S. military generals in what looked to be the early stages of a romance scam.
Here’s how it started: On May 12, a Facebook account under the name “George Lyons” commented on a public post Susan made about the musical “Hamilton.” The “George Lyons” account was populated with photos of Gen. Stephen Lyons, the current commander of U.S. Transportation Command. Susan saw that the account had also reached out to Susan’s friend, Cindy. Susan and Cindy started chatting with Lyons on Facebook Messenger, hoping to get the general and his troops to correspond with elderly residents in the health care facility where Susan is employed.
The conversation quickly steered toward Lyons trying to get Susan to send Nakasone an email.
“[Lyons] said [Nakasone] was a widow and he needed some company,” she told CyberScoop. (On his official biography page, the NSA says the real Nakasone is married and has four children.)
After sharing her email address with “Lyons,” Susan received an email from a Gmail address from someone claiming to be Nakasone.
The Gmail user masquerading as Nakasone claimed to be in Syria, where he spent his days on patrol and doing “some paperwork.” He also inundated Susan with religious messages and requests to download Google Hangouts so they could correspond further. When Susan asked the apparent general why he preferred to chat on Hangouts, he responded by blaming “rebels” and “the Taliban” for trying to “dent my image.”
When Susan pressed for evidence that she was talking to the real Nakasone, the account replied by citing his military background.
“What is wrong with you….don’t you have regard on my reputation,” said a message sent Thursday. “I also serve as the United States Army Cyber Command [sic]. So I see no reason why you are still saying rubbish Susan.”
Meanwhile, Cindy was corresponding with a similar account, claiming to be Stephen Lyons. The emails were of a similar nature: flirtatious messages and requests to download Google Hangouts.
Susan alerted CyberScoop about the Nakasone email address after being unable to contact Facebook about the Lyons account.
Google as fast as you can
The effort appears to be the early stages of an attempted romance scam, in which fraudsters from around the world pose as possible love interests, then request personal data or money from unwitting participants. Often, scammers create personas with U.S. military details to generate trust or sympathy in a would-be victim.
More than 19,000 Americans reported such crimes in 2019, resulting in more than $475 million in known losses, according to the FBI. U.S. prosecutors recently charged 10 people from Nigeria with a scheme in which they would ask Americans first for smaller items, like gift cards, then increase the size of their requests as the relationship evolved over email and Google Hangouts. One victim sent $201,000 to a Nigerian suspect before realizing the effort was all a fraud.
In this case, both Cindy and Susan said they were too suspicious to send money or provide any revealing personal information.
In the hopes to scare off the scammer, CyberScoop fed Susan some fodder to mess with the fake Nakasone. We asked her to get the “general” to clarify his position on Title 10 v. Title 50, a deeply wonkish legal debate over what part of the government has the authority to carry out cyberattacks.
As it turned out, the fake Nakasone knows how to Google for a response. His reply, according to the U.S. military website from which it was lifted, was largely accurate.
“Okay let me see,” the account said. “TITLE 10 is commonly used to refer to day of defeat and to articulate the legal basis for military operations while TITLE 50 is referred solely to activities conducted by the central intelligence agency is at best, inaccurate as the secretary of defense also possesses significant authorities under the TITLE 50.”
Both Gmail accounts were still active at press time. When reached by CyberScoop, the person posing as Stephen Lyons responded with, “I am sending my troops to get you, I will also make a contact for the FBI to get you[.]”
The full reach of this campaign, and whether the same fraudsters also posed as other U.S. military personnel, remains unclear.
Facebook removed the “George Lyons” page almost immediately upon notification from CyberScoop. Google did not immediately respond to a message seeking comment. The NSA did not provide comment. In a statement Monday, a U.S. Transportation Command spokesman said the military outfit routinely reviews social media for fake accounts, and reporrts them to companies roughly 15 to 20 times each year.
As to why the women corresponded with the accounts in the first place, Cindy told CyberScoop the laws of attraction come before good cyber-hygiene.
“I’m single, and my eyes are always open,” Cindy said. “If I see a good looking guy in uniform, I’m probably going to click.”
Update, May 18, 1:44pm ET: This story has been updated to include a response from U.S. Transcom.