Love and loss: The stats behind romance scams
The Blues Brothers are never wrong—everybody needs somebody to love. And, helpfully, any online dating site or social media platform can put endless romantic possibilities within reach.
The turn-off? A person looking for love is now top of the list for any romance scammer. And what’s more, those love rats think nothing of using dirty tactics to profit from people’s better nature.
That’s why we’ve been investigating the link between cybersecurity attitudes, behavior, and human risk (we even wrote a report about it in 2022). And, boy, do we have a lot to say about romance scams.
What are romance scams?
So what is an online romance scam? Also known as an “online dating scam”, “internet dating scam”, or “romance fraud”—it’s when fraudsters use a fake profile and persona to forge a connection and romantic relationship with a potential victim.
All that remains is to decide how best to take advantage of their target. Whether it’s gleaning personal information for identity theft, bank account or credit card details to finance their devious lifestyles, or company logins to hold your organization ransom.
All the while causing some heartache along the way.
Playing on heartstrings
We wanted to know about people’s attitudes toward cyber crime. Did they think they were likely to fall for an online con?
Here’s what we discovered. People have a hard job imagining that they could be the target of cybercrime.
1 in 4 people (27%) thought they were unlikely to be a target of cybercrime.
Around half (43%) thought they could be targeted.
Over half were worried about falling victim to cybercrime. But that means nearly half weren’t. (Gulp).
So, while some people are aware they could be targeted and are concerned about falling victim, lots of people remain unaware of the risks.
But how about people’s thoughts on thwarting cybercrime?
1 in 2 (53%) of participants felt it was worth making an effort to protect themselves online.
The same proportion felt that losing money on the internet was avoidable.
One third (34%) of participants felt having their data stolen was ‘unavoidable’.
So, lots of people are motivated to protect themselves from what they consider avoidable losses. And that’s great.
What’s not so great is that 1 in 3 people seem to believe that being a victim of cybercrime is inevitable. And if you don’t have the power to stop something, why bother learning how to avoid romance scams or learn how to tell if someone is scamming you? A waste of time, right? Wrong.
Love (scams) know no bounds
Nearly 1 in 5 (17%) said they had been the victim of a romance scam, with participants mentioning 295 romance scams in total.
Let’s just pause there. Just under 1 in 5 people we asked had been romance scam victims. That’s a lot, right?
So we were curious about how age affects victimization levels. What percentage of each generation had been a victim of romance fraud?
15% Gen Z
8% Gen X
4% Baby Boomers
3% Silent Generation
Looking at ages of cybercrime victims can tell us something about who’s most at risk. And—who woulda thunk—tech-savvy digital natives get hit hardest. Awkward.
And from one surprise to another: Despite considerable media coverage, romance scams are woefully underreported.
Making it official
If you’re a security professional, you should be as worried as we are about the number of romance fraud cases that go unreported. Just over half (55%) of romance scams were reported.
Across the generations, online romance scams reporting rates were the highest for Millennials (62%) and lowest for Baby Boomers (33%).
What do we know about how these scams are reported? Out of the 163 participants who had reported their romance scam:
36% reported it to the authorities (e.g. law enforcement).
34% reported it to other parties, like network providers.
30% reported it to their work or education setting.
29% reported it to their online security providers.
85% of people who reported a romance scam found the process easy.
A popular motivation of people who reported these crimes was to protect others, and themselves, from future attacks. But how about those who didn’t report the scams?
19% believed there was ‘no point’ in doing so.
17% didn’t know where to report romance scams.
17% felt too ashamed to report it.
So, while it’s important that people know how to avoid romance fraud and how to report romance fraud, it’s the final point that scares us the most . . . so we’re going to run away from it. Kidding!
Falling (head over heels) for it
Romance scammers aren’t fussy. Sure, some groups are more at risk than others, but there is no “typical victim”.
It really can happen to anyone looking for a romantic interest (or just someone to send them flowers on Valentine’s Day). In fact, the data suggests it happens to 1 in 5 people.
Yet victims of romance fraud often talk about how stupid they feel. And shame works in scammer’s’ favor (just like the human desire for romantic connection).
It’s a compelling reminder that shame has no place in any security culture.
So, where do we go from here?
Alright, so what are the key takeaways for cybersecurity professionals?
People have a risk perception problem. They think it won’t happen to them. So they’re potentially less likely to keep their guard up.
Tech-savvy employees can be victims, too. Being a digital native doesn’t eradicate risk.
Stigma and shame discourage reporting, and compromise your human risk management efforts.
Understanding human behavior is key to understanding cyberattacks, and how to stop them.
Cybersecurity professionals are in a position to reduce risk in people’s personal lives and their organizations by increasing awareness, and destigmatizing victimization.