Several months ago, and I was very disgruntled because of it, I received an email from an "old lady." who was dying and simply wanted to talk about Jesus. Up front, it's a typical misrepresentation style scam, where the person involved misrepresents who they are, such as being an important person from a far off country. I did not fall for it. Anyway, this person pretending to be an old lady provided hospital photographs, likely taken from someone on social media, telling me about missing her late husband etc. I responded a few times, and then it turned into a monetary thing where the scammer was trying to find a way to extract money from me on the basis of tied up funds or something. As a result, I deleted virtually all information about me. Previously, put some info on my profile for the purpose of upfront breaking ice to anyone i talk to on Faithlife's various platforms.
What i think most likely happened is that either someone took the effort to go thru profiles, or use some kind of webcrawler, or a combination of the two. Namely, using a webcrawler to find any key words, terms, or indications, and then going onto the website, perhaps making an account, to examine people's profiles to look for anything that could be detectable as a victim, any data that can be used for a private email conversation which the scammer(s)' believe is leverageable in conversation, toying with emotions, or otherwise. That's what this person did, toy with my emotions, on the basis of an a lonely, sick old lady, who just wants to have some nice conversations with someone. I'm making best guesses on what the scammer(s) involved did. I can't add much more since I know little about how bots, crawlers, coding, or other stuff works.
If it would help, I will share privately with FL staff the emails. I have no idea if there's anything in them which could provide helpful information regarding security.
