Romance Scammers Love Valentine's Day to Steal Your Money

Online scammers pretending to be interested in developing relationships target people for their money and access to a company's data and information.

The digital Romeos and Juliets adore pulling the heartstrings of fans of romance who are lured by the prospect of finding a soulmate online.

But these online fraudsters, who often appear too good to be true, are really only after one thing - your money.

These scams can take awhile, but cyber criminals are willing to spend time flattering their unsuspecting victims for several weeks or even months in the pursuit of financial gain.

But letting your guard down has real and expensive consequences because recouping your hard-earned money rarely happens and many victims refrain from reporting these crimes.

Romance scams have emerged as immense financial opportunities for scammers.

The Federal Trade Commission said at least $1.3 billion was lost to romance scams during the past five years, which is more than other fraud categories. In 2021, fraudsters reaped $547 million, which is more than six times the reported losses in 2017. Victims lost a median amount of $2,400, according to the FTC.

Romance scams are popular because the criminals are able to earn the trust of people before they ask for money, Joseph Carson, chief security scientist and Advisory CISO at Delinea, a Redwood City, Calif.-based provider of privileged access management (PAM) solutions, told TheStreet.

The criminals "need to build and earn the victims trust first before tricking them into sending money or unknowingly infecting their system with malicious software," he said.

Both dating apps and social media profiles are "ripe with intimate details about someone’s life," Matthew Psencik, director of endpoint security at Tanium, a Kirkland, Wash.-based provider of converged endpoint management, told TheStreet.

"Actively publishing relationship status along with other information such as profession, hobbies, personal pictures and sometimes phone numbers or locations is more commonplace than not," he said. "This information enables criminals to either manually make appealing fake profiles and match with users or create bots that will handle the entire attack lifecycle for them."

Once an attacker "matches" with a potential victim, the criminal can either try and solicit personal information through identity theft or monetary gains via blackmail," Psencik said.

Sometimes their goal is to share malicious links to begin a whole host of other attacks, he said.

Common Romance Scams

Cyber criminals "go with what works" and often their goal is to deceive victims into revealing personal information such as pets’ names, which is a frequent website security question and phone numbers that make it easier to track and locate someone, Psencik said.

The potential for extortion, blackmail and other fraud are far more insidious where romance is involved, "often involving explicit images or videos, as well large fund requests for travel and expenses to meet for a hookup that never happens," he said.

The red flags are often obvious such as strange diction or spelling. Many scammers are using bots in their interactions with potential victims.

"If something seems off, it probably is," Psencik said. "If someone is overly forward or too personal without any prior interaction, consider challenging them with a more obscure personal question to thwart any canned interaction. This will either break a bot’s attempts to follow a script or will force the scammer to try and wrangle the conversation back toward their goal."

When the fraudster asks for money out of nowhere and from unusual means such as multiple gift cards request or bitcoin transfers, it should be a cause for concern, he said.

Dating apps are "brimming with bots and scammers making the chances of an encounter a strong possibility," Psencik said.

Unmatch with the "person" you think is a scammer and report it to the app's moderation team, he said.

Some signs of a fraudster are more obvious such as creating an urgent situation where money is needed, but always be "suspicious of everything online and make sure you verify the person before building any type of trust," Carson said.

"Check for mutual friends who can verify the person or other types of validated identities," he said. "Identities that have very little details tend to be fake profiles."

Romance scams follow a playbook familiar to scammers -- they leverage relationships that are meant to be based on trust, Bud Broomhead, CEO at Viakoo, a Mountain View, Calif.-based provider of automated IoT cyber hygiene, told TheStreet.

Fraudsters typically follow this playbook:

• Not being able to physically meet (or changing plans to meet because of an emergency).

• Thin or limited social media presence.

• Moving too quickly in forming a romantic relationship.

• Claiming job or family circumstance with frequent or unplanned travel.

• Asking for money, personal financial information, or passwords.

Cyber criminals are often armed with a lot of personal information about their targets, making their starting point much easier than before, he said. They already know a victim’s financial situation, how connected they are to other people, whether they recently ended another relationship and where they are from and when they last moved, Broomhead said.

Romance scams turned extortion are a very popular tactic these days.

"People succumb to criminals seducing them virtually, usually there is some sexting going on, and then the evidence is used against them." John Bambenek, principal threat hunter at Netenrich, a San Jose, Calif.-based security and operations analytics SaaS company, told TheStreet. "Sometimes it is just pure romance scam where the criminal is requesting more and more."

Not All Fraudsters Want Your Money

A major increase in romance scams is not for a financial reward but to gain unauthorized access to the victim's employers systems and data, Carson said. 

"These types of social engineering techniques are typically more targeted at high level employees with a goal to get them to leak data or click on a malicious payload that would infect their company devices," he said.

Social engineers are skilled at combining the right time, place, and emotional trigger to hook potential victims, Mika Aalto, CEO at Hoxhunt, a Helsinki-based provider of enterprise security awareness solutions, told TheStreet. 

Romance scams offer "effective playbooks for phishing attacks," he said. "You’ll see heightened activity of catphishing on dating sites, sextortion over email or the quasi-romantic crypto scams on LinkedIn."

Fraudsters have honed their skills and their scams are more sophisticated now. 

They have from straightforward payment scams to complex phishing attacks where a targeted employee "unwittingly hands over their credentials to their corporate system," Patrick Harr, CEO at SlashNext, a Pleasanton, Calif.-based anti phishing company, told TheStreet.

"Data can be worth more than gold to an attacker who is looking to deploy, for instance, ransomware," he said. "The moment someone you don’t know who you are engaged in an online relationship with starts asking for sensitive information or for money, be very careful."

Since the majority of romance scams are international or cross border, there are very few legal options for victims.

"Typically the criminals are in countries where it is not even considered a crime," Carson said. "It is still always important to report the incidents."

If you are willingly providing your bank information or your personal information, "there is little recourse for retrieving any of the stolen information or funds," Harr said.

Romance scams are very effective on dating sites because people’s defenses are already down and they are ready to trust a stranger. 

"That’s where attackers socially engineer a campaign built around people’s need for love and companionship," he said. "After a little reconnaissance by the attacker, it’s common for victims to get hooked on a site like Facebook or Instagram with a flirty message."

The photos you see of strangers are often stolen from another website or app.

The picture of a scammer posing as an attractive person can create a strong emotional connection that "bypasses a person’s typical skepticism," Harr said. "From there the relationship can feel incredibly real. Just ask former college and NFL star, Manti Te’o, whose life and career was torn apart by a catphishing scam 10 years ago carried out over Facebook."

People lose more than just money in these scams, he said.

"The emotional damage can be difficult to quantify, much less overcome, after trusting someone deeply enough for them to take advantage of you," Harr said. "In that sense, victims of romance scams can seek help from therapists and friends to get back on their feet and move forward with their lives."