The stakes are rapidly rising. In the past five years, people have reported losing $1.3 billion to online romance scams, more than any other U.S. Federal Trade Commission (FTC) fraud category.1 It is a global criminal enterprise.
Elite and specialty dating sites marketed toward wealthy users are today the playground for some of the most sophisticated cyber threat actors. While these sites offer an opportunity for users to contact a large volume of high-net-worth individuals interested in building a romantic relationship, they also unintentionally act as a magnet for organized crime groups seeking hefty payouts from victims. These groups prey upon basic human desires related to companionship and beauty, and exploit them to commit fraud.
The level of fraud can go well-beyond that depicted in the 2022 documentary, The Tinder Swindler. These organized crime groups are patient, well-funded and orchestrated. Their victims are highly educated and very successful.
The perfect match.
From setting up networks of offshore bank accounts and crypto wallets, to genuine-looking dating profiles, and victim profiling – no element is left to chance. Long before making contact with a target, the attackers organize the operation. Some teams collaborate with software developers to develop fictitious trading platforms.2
The threat actor builds up trust with the victim over time, eventually convincing them to invest larger and larger sums of money in fraudulent cryptocurrency investments, a practice sometimes referred to as “pig-butchering.”
Here’s how it might hypothetically play out. An individual meets a companion on a dating site. Trust develops. From conversations, the new companion (threat actor) knows this target has an appetite for risky investments. After a few months, the threat actor mentions a substantial profit she made trading an altcoin on an offshore crypto trading platform. She suggests that the target buy a stable coin on a Crypto-trading platform, and then transfer this to an offshore platform where he can buy the altcoin.
The target does some nominal due diligence -- visits the website and looks at trading charts (all fabricated). He conservatively invests $10,000. Within two weeks his money doubles. He brings in another $2 million to trade in this new altcoin. His money again doubles. He is ready to cash out when he is informed that $500,000 in capital gains tax withholdings must first be transferred to a Hong Kong account. The wire transfer is executed. The companion and threat actor group vanish.
Just like that.
#BeCyberSmart
Stay Concealed.
Do not reveal any information on a dating app profile that might identify you as a high-net-worth individual. Refrain from providing your exact job title or employer name, and instead disclose generic details (i.e. “Attorney at Law Firm”) that make it harder for dating app users to find you on LinkedIn or Google. In addition, consider using a Google Voice number if a dating app user asks for your phone number to text with you. This will help protect your identity since open source tools make it possible to easily research the owner of a cell phone number.
Set Absolutes Online.
Do not engage in any type of financial transaction based on advice provided by a dating app user. Report any solicitation for money or gifts to the dating app’s trust and safety team.
Preserve Evidence.
If you have fallen victim to a romance scam, remember that the more evidence you share with investigators, the higher the likelihood of exposing the threat actor. A forensic investigations team needs access to emails, chat logs, crypto wallets, and wire transfer information. These artifacts can help investigators figure out the threat actor’s real world identity.
Make better decisions to help keep our interconnected world more secure.
1 Source: "Reports of Romance Scams Hit Record Highs in 2020." Emma Fletcher. 10 Feb 2022. Federal Trade Commission. Retrieved from https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2022/02/reports-romance-scams-hit-record-highs-2021
2 Source: "Why Do We Trust, or Not Trust, Strangers?" New York University (NYU) New Release. 29 June 2018. Retrieved from https://www.nyu.edu/about/news-publications/news/2018/january/why-do-we-trust--or-not-trust--strangers--the-answer-is-pavlovia.html