Romance Scams: The Email Threat That Breaks Hearts and Banks

Since the large adoption of the internet, the online dating industry moved to set a new standard in the way we find our soulmates. And it worked. According to a study from the University of Chicago, compared to marriages between couples who meet in real life, marriages between couples whose relationships are formed through an online dating site are more likely to last.

Unfortunately, with the rise of online dating services came the birth of romance scams. According to the FBI, romance scams cost victims $362 million in the US alone in 2018. Each year, hackers, mostly based in Africa, successfully scam thousands of victims with a variety of schemes, all capitalizing on the victim’s desire for a relationship.

What is a romance scam?

Romance scams target wealthy women, sometimes widows, who are looking for a new relationship and men who are looking for extra-marital relationships. In most cases, the goal is to defraud the victim out of money. According to the FTC, victims between the ages of 40 and 69 were scammed at the highest rates, while victims aged 70 and above reported the biggest losses.  

The wire transfer scam

After registering on a dating website, the victim meets a hacker impersonating a handsome man. Most of the time, this man will have the same nationality as the victim. At the time of contact, he is on a business trip abroad, in the military, or, in the case of high-profile romance scam out of Australia, sailing

high-profile romance scam out of Australia

Written and audio messages will be exchanged between the scammer and their victim. Exchanges will intensify, often over a period of a few weeks or a few months—enough time for the victim to get emotionally attached.

Then communication stops suddenly for a few days.

The scammer reappears by sending an email asking for help, pretending they are stuck abroad without any ID, phone, or money. This is when the emotional scam closes in on the victim, who then transfers money via Western Union to help their soulmate.

In this type of scenario, studies show that women are twice as likely to send money to the scammers, whereas male victims send 20 percent more money.

The victims are hand-picked. In 25 percent of cases, users of dating apps display their actual identity. The victim’s profile picture on those apps is often the same as their Facebook profile picture.

Their hobbies are stated on their online resume and their badly configured social media accounts invite extraction of tons of sensitive personal data, which will help the scammer develop a highly personalized scam capable of tapping into the emotions of the victim.

In 61 percent of cases, the online information shared by the victim provides access to their social media accounts, dating platforms, and in certain cases, their professional email address. This tells hackers everything they need to know about their victims before contacting them. These scammers are professionals, mostly based in Ghana, Nigeria, Benin, and Sierra Leone.

Tools of the trade

With the progress of artificial intelligence, hackers no longer need to spoof real identities. Using free online tools, hackers generate huge amounts of fake dating profiles and push them on dating websites:

It is now impossible for victims to detect if a dating profile is real, spoofed, or created with the help of artificial intelligence. And don’t expect the dating website to protect you. According to Consumer Reports, most online dating websites don’t vet users who sign up for accounts, leaving users vulnerable to scams.

For example, in 2019, the FTC sued Match Group, owner of Match.com, for exposing users to fraud. In a statement, the FTC alleged that Match.com allowed non-subscribers to receive messages from accounts that were suspected as fraudulent. The aim, according to the FTC, was to get non-subscribers to sign up for a paid account, which they did, to the tune of 499,691 subscriptions in 24 hours. Paying subscribers, according to the FTC, did not receive emails from the suspicious accounts.

Traditional email filtering solutions do not work

It’s complicated, if not impossible, for a traditional email security solution to detect a romance scam. A legitimate, purpose-built Gmail address and an email with no phishing links or other warning signs will likely not be flagged. Most of the time, the victim will contact the scammer by email, essentially making the scammer a trusted sender.

In this case, traditional email security solutions based on email reputation, domain reputation, and fingerprint are ineffective. Only a solution based on the context of the email, including flag words and phrases, will have the ability to notify the victim about the potentially dangerous character of the exchanges.

A lucrative, hard to detect scam

According to a survey from IDCARE, it takes an average of five and half months to detect a romance scam, while the average loss is around $2,700, according to the FTC. That is seven times higher than other forms of online scams. Below are some other notable stats related to romance scams:

  • In 66.9 percent of cases, the scam is detected by the victim.
  • In 18.9 percent of cases, the scam is detected by a friend or family member.
  • In 6.8 percent of cases, the scam is detected by banks.

Finally, many victims remain in denial about being scammed. This could make them less likely to report the crime to authorities and even vulnerable to future scams. If you or someone you know are a victim of a romance scam, you can file a complaint with the FBI’s Internet Complaint Center at www.ic3.gov