Romance fraud: The real cost of love, and why your organization could have to pay up

Let’s face it: love can be hard to find. We’re worried about looking in the wrong places, saying the wrong thing, overthinking things.

And fraudsters know it. What’s more, they will stop at nothing to turn it to their advantage, and that includes getting their claws into the inner workings of your business and taking you down from the inside.

How is romance fraud a threat to your organization? Once one of your employees is on their hook, the possibilities are boundless. You name it—identity theft, money laundering, ransomware—if it’s a crime, they’ll probably commit it.

And that’s not a reflection on your people, so much as how manipulative romance scammers can be.

Though it may seem impossible to thwart this kind of attack without digging into your people’s personal lives, boosting security awareness, and running simulated phishing campaigns that reflect these real-world risks and help people identify the techniques scammers rely on are great steps toward reducing risk.

For now, let’s look at some common types of romance scams.

What is a romance scam or romance fraud?

If you happen to be writing a modern-day fairytale, then the criminals behind romance scams—also known as an “online romance scams”, or “romance fraud”—should be the villains.

It’s pretty simple. Romance scammers take advantage of people looking for a romantic connection, typically on social media, or an online dating site. They hide behind a fake profile to gain their potential victims’ trust and affection. And use manipulation and grooming tactics to get personal information that can be used to steal money, someone’s identity, or gain access to critical systems.

The next thing you know, there’s a Netflix documentary about it (The Tinder Swindler, anybody?).

Fancy a threesome?

Made you look.

Here are three of the most common types of romance scams.

1. I need a hero

Beth found Neil on a dating site. She loved a man in uniform and Neil’s profile picture of a soldier in khakis caught her eye. She sent him a message, and his response was warm, genuine and funny.

Beth was sad to hear about how Neil’s wife had died tragically when their two children were young. Having lost a boyfriend once, and the emotional bond deepened.

Neil was stationed on the other side of the country, but Beth felt like she was there with him when he would describe base life, the comings and goings, the ups and downs.

He’d just bought a train ticket to visit Beth when he was unexpectedly deployed. Beth told him not to worry, that come what may, she would be there for him. So, when Neil told he couldn’t afford his flights back home, Beth immediately sent him the money to cover them.

Scams like this can go on for years before victims finally catch the fraudsters out. Sometimes, they never do. While they typically have a larger impact on the victim’s personal life (and bank account), the damage could creep into your organization too if the victim inadvertently shares sensitive or confidential information with their “romantic interest”.

2. Love the camera

Nas was flattered when the beautiful Lola added him as a friend on Facebook and began chatting him up. In no time at all, they were in the midst of a whirlwind romance. It didn’t matter that he lived in London and she lived in New Zealand. Love knows no boundaries.

Desperate to see each other, they arranged a video call. Nas was gutted when Lola’s webcam wouldn’t turn on, but her voice was every bit as lovely as he had hoped. They talked for hours, and Nas got carried away, persuaded by Lola to show a bit more than he’d intended.

The next day, Lola’s tone changed completely. She’d recorded Nas in a compromising position, and if he didn’t pay her a chunk of cash, she threatened to share the video with his Facebook friends. Desperate, Nas paid up.

The next day, Lola asked for even more cash, threatening the same consequence.

Once scammers have a hold on their victim, their demands can quickly get out of hand. Demanding personal details or credentials that could be used to compromise your organization’s cybersecurity.

3. Love at first (dating) site

Haley decided to ring the changes in 2023 by joining a new dating website. She found one that had some great testimonials on the home page, and the site looked high-end, so she decided to give it a go.

She was a little surprised that the sign-up questions were things like her first pets’ names, the name of her first school, and her hometown. But she was determined to find The One this year, so she pushed on.

It was worth her time. The moment she’d logged in, she got a flurry of messages from potential love matches. To read them, all she had to do was upgrade to Premium. There was, surprisingly, no cost. All she had to do was answer a few more questions, and upload a few more pictures.

She trusted the algorithm. So, she added details about her family members, profession, company, and uploaded a great new headshot she meant to use for her LinkedIn profile.

Little did Haley know, she’d fallen right into dating site fraud. To mine valuable personal data, romance scammers will go to the trouble of setting up elaborate dating site scams.

Personal information is gold dust to cybercriminals. Passwords often contain names and places dear to us, and they know it. Certain pieces of information—like first school—can be used as part of the login process.

Popular platforms for romance scams

1. Dating websites and apps: Online dating platforms are a popular target for romance scammers. These sites allow scammers to easily create fake profiles, view and message potential victims, and build relationships with them. Scammers may use popular dating apps such as Tinder, Bumble, OkCupid, or Match.com.
2. Social media platforms: Social media platforms such as Facebook, Instagram, and Twitter are also common targets for romance scams. Scammers may create fake profiles, join dating or interest groups, or use direct messaging to contact potential victims.
3. Email and messaging services: Scammers may also use email and messaging services, such as Gmail, Yahoo, or WhatsApp, to contact and deceive victims. They may send phishing emails or messages that appear to be from a romantic interest, asking the victim for money or personal information.
4. Online gaming communities: Online gaming communities, such as World of Warcraft or Second Life, can also be a target for romance scams. Scammers may use these platforms to create fake profiles and interact with potential victims, often pretending to be someone they are not.
5. Classified ads and online marketplaces: Classified ad websites, such as Craigslist or Gumtree, and online marketplaces, such as eBay or Amazon, can also be used by scammers to contact and deceive victims. They may pretend to be interested in buying or selling items, or use fake profiles to create a sense of emotional connection with the victim.

Shame is a losing game

Romance fraud doesn’t discriminate. Scammers target the young, the old, the tech-savvy, and even the index-finger-typers.

Romance fraud victims often talk of how stupid they feel. The shame and embarrassment of being deceived can be intense and isolating. Which is exactly why a huge number of cases go unreported, awareness remains low, and scammers keep getting away with it.

Criminals rely on people’s emotions to drive their scam home.

Our free phishing eBook, helps you give people the tools they need to spot scammers and avoid falling victim.