In romance scams — also known as “catfishing” scams — an attacker assumes an attractive but fake identity and builds a romantic relationship with the victim online, using it to extract money from the victim on false pretexts.
On the surface, this type of crime wouldn’t concern businesses. However, victims manipulated into trusting the scammer may unknowingly disclose sensitive corporate information, posing serious security risks and potentially leading to data breaches, intellectual property theft and other forms of corporate espionage. The damage can be significant.
The FTC tracked 64,000 romance scams in 2023 and reported total losses of $1.13 billion for this type of scam, or about $2,000 per victim — higher than any other form of imposter scam tracked by the agency. Sometimes the losses go much higher: 10% of victims report losing over $10,000.
"Romance scams have transformed from isolated incidents into a sophisticated industry, leveraging enterprise-level strategies, advanced software platforms and even customer service tactics to exploit victims," says Pragya Agarwal, TaskUs VP of Financial Crime & Compliance. "This industrialization underscores the urgency for businesses to strengthen their defenses and stay ahead of these evolving threats."
Romance scams generally start with fake profiles on social media or online dating apps. They typically begin with a friend request from a stranger, followed by intense flattery and affection, according to Pragya. The trust built paves the way for the point of the scam: money.
Cryptocurrencies and gift cards are the most reported payment methods in romance scams, according to another FTC report. Gift cards are especially popular because they are a quick way to get cash while remaining anonymous and are difficult to trace or reverse.
AI-powered chatbots have made scammers even more fluent in the languages of love. In 2023, cybersecurity researchers found that scammers were using ChatGPT and Google Bard to help them generate more convincing conversations with potential victims.
There is some overlap between romance scams and pig butchering scams, which also depend on psychological tactics and establishing trust, sometimes on a romantic basis.
Scammers typically create profiles with attractive photos to draw victims in. Their social media accounts often have few friends and little activity.
Usually, the scammer is located in a distant state or foreign country, providing a pretext for why they can’t meet in person — and making it more difficult for victims to realize the deception, discover the scammer’s true identity or even pursue legal recourse.
Other signs of romance scams include rushing the relationship, often declaring love or deep feelings after just a few messages or days of chatting, as well as sharing vague or inconsistent details. Scammers also often ask to keep the relationship private and try to get personal details like the victim’s address, bank information or even private photos.
The majority of victims are male and over 55, according to a Malwarebytes survey, which found that more than 66% of survey respondents had been targeted by this kind of scam.
Scammers are especially likely to aim at recently widowed or divorced seniors because they are vulnerable and more likely to have cash. However, there’s a significant number of younger victims: 26% are between the ages of 18 and 54.
Romance scams become a business risk when employees fall for them. Rather than, or in addition to, personal funds, scammers may manipulate victims into misusing company funds or resources. High-ranking individuals with access to financial accounts are particularly vulnerable, potentially leading to theft or fraud.
Some scammers have even talked victims into providing confidential information or access to corporate systems or work emails — which then allows the scammers to impersonate the employee and begin infiltrating the work network, request fake invoices or redirect vendor payments to their accounts.
Key regulatory compliance risks from employee actions might include investigations leading to major fines, mandatory external audits raising operational costs, legal charges affecting the company and individuals, reputation impacts hurting business relationships and required remediation programs demanding significant resources.
Romance scam victims often suffer devastating emotional trauma and financial losses, frequently leading to decreased work performance, increased sick leave and impaired decision-making that can jeopardize critical business operations and team dynamics.
Businesses should take these essential steps to protect employees and operations:
- Conduct recurring cybersecurity training covering romance scam red flags: online strangers, unverifiable identities, perpetually unavailable contacts and strict rules against sharing money or data.
- Watch for employee warning signs: mentions of overseas relationships, behavior changes and increased absences.
- Strengthen security with MFA, strict access controls, network monitoring and anti-phishing tools to prevent compromised account exploitation.
- Foster an environment where employees feel safe reporting scams and can access support resources for emotional and financial recovery.
As cyber criminals deploy increasingly sophisticated techniques and tools, effective cybersecurity demands both human awareness and technological safeguards, according to Pragya.
"Basic steps like conducting background checks, maintaining a healthy level of skepticism and being on guard can make a big difference," she advises, emphasizing the fundamental role of individual vigilance.
By combining this human element with advanced real-time fraud detection systems, comprehensive employee training programs and partnerships with fraud prevention experts, organizations can build a robust defense against romance scams' damaging financial and emotional impacts.