Security awareness

How Security Awareness Can Prevent Romance Fraud

Daniel Dimov
September 4, 2015 by
Daniel Dimov

[download]Download the BEST PRACTICES FOR DEVELOPING AN ENGAGING SECURITY AWARENESS PROGRAM whitepaper[/download]

Learn the best practices for developing a security awareness training program that is engaging. Engaging awareness programs have been shown to change more users' behavior and are seen as an asset for your organization instead of annoyance. 

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

-----------------------------------------------------------------------------------------------

Section 1. Introduction

Today, in the age of the Internet, looking for an online love affair is a normal everyday practice. However, as in the real life, online relationships can bring heartbreaks, financial losses, and other tragic consequences.

A story of a 67-year-old Australian grandmother who was found dead four days after she met the object of her online affection in South Africa Republic clearly indicates the dangers of online romance scams. The woman was repeatedly providing a financial support to her 28-year-old Nigerian boyfriend and was even planning to marry him.

Police and fraud investigation specialists continuously report cases of online dating frauds in which a perfect dating partner appears to be a fraudster who obtains substantial financial resources from his/her victim. Only in July 2015, over AUD two million were lost due to dating and romance crimes in Australia.

The creation of security awareness is a crucial element that can contribute to prevention of romance frauds. Learning more about the nature of romance scams will allow the users of online dating services to identify and avoid relationships with fraudsters. This article aims to provide such security awareness by discussing online dating scams in detail. It will discuss the scheme of romance frauds (Section 2), define the warning signs that help to recognize a potential fraudster (Section 3), provide tips on how to avoid becoming one of the romantic victims (Section 4). Finally, a conclusion is drawn (Section 5).

Section 2. Romance Fraud Scheme

Romance scams resemble other types of fraud. The crook aims to convince the victim to transfer money or tries to obtain credit card information. There are two main types of venues targeted by fraudsters – legitimate dating sites and social media platforms. However, victims are also approached by email and/or mobile phone applications.

The victims of romance scammers are usually persons in their 50s and 60s, mostly divorced or widowed. Many of the victims have health, weight, or mental problems. Such vulnerable people are targeted by the cyber criminals because scammers presume their low self-confidence, a lack of knowledge about information security, and a desperate need for a romantic partner.

The potential victim is usually approached by a person whose profile is carefully adjusted according to victim's interests. For example, a 55-year-old woman who enjoys classical music can receive a letter from a 60-year-old opera lover. The profiles of fraudsters are mostly fictitious. In most cases, they contain false personal data and display stolen photographs. Another tactic used by fraudsters is the impersonation of educated people having trusted professions, such as military personnel, humanitarian aid workers, or businesspersons working abroad.

Usually, in the initial state of communication, the scammer asks the victim to continue chatting via SMS, email, or instant messaging. These types of communication allow the scammer to avoid being tracked.

After the initial chat, the relationship between the fraudster and the victim progresses rapidly. The scammer starts communicating in an intimate manner, attacks with compliments, expresses feelings of love in a short time, and promises a marriage. The aim of these activities is the emotional engagement of the victim. Moreover, in order to strengthen the illusion of a romantic relationship, the scammer may send flowers or gifts to the victim. However, despite the expressed desire to meet in person, the scammer will avoid such a meeting because of trips outside the country, health problems, or business issues. Moreover, the scammer might ask the victim to send more intimate photos or videos, which later can be used by the scammer for blackmailing.

Such an intimate communication can last for an undefined period of time until the victim feels compelled to help. Afterwards, the scammer starts asking for money. Scammer's tactic is based on the principle of reciprocity described by Robert B. Cialdini in his book "Influence. The Psychology of Persuasion". The author claims that, in order to manipulate a potential victim, the manipulator can make the victim feel reciprocal by giving gifts and making favors in advance. Thus, by providing compliments and sending small gifts, the scammer not only stimulates romantic feelings, but also sets the stage for further manipulation.

The first request for money usually occurs in about three months from the beginning of the relationship. In general, it relates to a small sum of money that would be used for a personal emergency, such as a medical issue or a car accident. Since the victim feels affectionately towards the scammer, the request for a small amount of money does not seem suspicious. However, after the first payment, the number of requests for money grows exponentially. The money is asked for business, medical operations, plane tickets, and other issues. Moreover, the scammer may involve the victim in criminal activities, such as money laundering.

If the victim becomes suspicious and refuses to transfer money, the scammer starts blackmailing her/him. The victim is threatened that the photos and the videos of an intimate nature would be published online or sent to friends and relatives. Thus, the prospective life companion shows his/her real face.

Sometimes the scam evolves and the victim experiences the second wave of scam when she/he is contacted by a fictitious police officer, who promises to investigate the fraud and catch the criminal. However, it is only one more attempt to scam the desperate victim.

A study conducted by the University of Leicester analyzed the psychological consequences of romance scams. The study found that:

"All participants were affected negatively by the scam. They suffered a range of emotions and affects, including: shame, embarrassment, shock, anger, worry, stress, fear, depression, suicidal and post-traumatic stress disorder. Some described the feeling of being mentally raped."

A woman under the nickname Jennifer, a single mother of two, got into a trap of a scammer and lost $50,000 of her life savings. The scammer convinced the woman that he was the man of her dreams and even proposed her without meeting in person. Their relationship was developed through short messages, emails, and phone calls. The scammer impersonated a wealthy businessman working abroad. The request for money was for fixing a car so that the couple would be able to finally be together. The scammer used emotionally obliging words, such as "Being a team, I know we can go through this together and come out stronger. I am counting on you my love." The woman withdrew money for a loan from her retirement account, and has never seen this money again.

Section 3. Warning Signs for Recognizing a Romance Scam

According to fraud investigators, the romance scammers use similar schemes. The first warning signs for a romance scam can be identified in the profile of a potential romantic partner:

  1. The victim receives unrealistic photos featuring a very good-looking person. Scammers usually steal such photos from various websites. However, in order to avoid suspicions, some scammers may send average looking photos to their victims.
  2. The accounts of the admirer can differ or be inconsistent on the dating site and on Facebook. The victim may notice mismatches between what the scammer says and what is featured on the scammer's profile.
  3. The scammer claims to be a successful businessman working overseas, in the military, or an aid worker, but avoids further questions about the specifics of the work. Rather, the scammer fills the conversation with the inquiries about the victim.
  4. The texts sent by the scammer are usually vague and full of grammatical mistakes, despite the fact that the scammer claims to have a good education. Sometimes, the victim is addressed with a wrong name.

In addition to the profile-related warning signs, there are other suspicious behavior patterns used by the scammer, such as:

  1. In the very beginning of the relationship, the fraudster requests the victim to continue communicating through email or short messages, and not through the dating website.
  2. As the relationship evolves, the scammer provides the victim with a lot of compliments and use endearing terms, such as "baby" or "darling".
  3. The criminal expresses deep affection and confesses love in a short time.
  4. The scammer asks for a mailing address to send some flowers or a gift. The address provided by a victim can later be used for criminal activities.
  5. As the relationship becomes more intimate, the scammer promises to arrange a meeting, makes plans, but the meeting doesn't happen due to various unfortunate circumstances.
  6. After gaining victim's trust, the scammer starts requesting money for various reasons, such as medical care, travelling issues, visa problems, plane tickets, hotel bills, accidents, or business problems.
  7. If the victim refuses to wire money, the scammer starts blackmailing her/him.

Section 4. How to Avoid Romance Scam

In order to avoid a romance scam, one needs to be aware of the characteristics of this type of crime. As the website www.romancescams.org, which unites the romance scam victims states, "Our only weapon in this crime is education". The people having relationships online could be given the following security awareness tips:

  1. Protection of the personal data. Personal information (e.g., address, telephone, and governmental ID) should not be shared with unknown people. Such information can be used for acquiring money or creating fake identities.
  2. Selecting with whom to communicate. The requests to leave the dating website and to continue the communication by email or instant messaging should not accommodated.
  3. Conducting an investigation. The photos provided by the potential companion should be analyzed. The websites, such as Google Images (https://images.google.com) or TinEye (https://www.tineye.com), help to determine the source of the photo. Thus, the victim can understand if the photo is original or stolen from another website.
  4. Don't send your money. Money should never be sent to unknown people.
  5. Avoid resending money. Any requests for sending money or goods to unknown persons should be immediately declined.
  6. Keeping companions close. Communicating with people from the same country brings fewer difficulties to meet in person than chatting with a potential soul mate from another country or continent.
  7. Keeping intimate information private. No personal images or videos, especially those of an intimate nature, should be sent to an unknown admirer. Scammers often use the received intimate material for blackmailing.
  8. Keeping the closest people informed. The family and friends should know the place where the online couple decides to meet in person.

If the romance scam happens, the victim is encouraged to inform the law enforcement authorities as well as the administrators of the dating website about the fraudulent incident as soon as possible. In addition, the victim should immediately stop communicating with the scammer.

Section 5. Conclusion

The growing number of online dating scams indicates that cyber criminals have mastered compliance techniques allowing them to exploit the emotional vulnerabilities of those who expect to meet the love of their life online.

This article has demonstrated that the romance scammers act according to sophisticated fraud schemes. The text analyzed the anatomy of romance scams, which includes: (1) establishing a relationship; (2) involving the potential victim into a romantic affair; (3) obtaining sensitive financial and personal information; (4) requesting money; (5) and blackmailing.

The ultimate antidote to potential romance scams is security awareness allowing the potential victim to identify scammers before sending them any money or personal information.

REFERENCES

  1. Cialdini, Robert B. Influence. The Psychology of Persuasion. A. Michel, 1987.
  2. https://www.youtube.com/watch?v=lA0qr-hPIoI
  3. https://www.scamwatch.gov.au/types-of-scams/dating-romance
  4. http://www.coloradoattorneygeneral.gov/Sweetheart_Scams
  5. http://www.romancescams.org
  6. http://www.actionfraud.police.uk/
  7. https://www.scamwatch.gov.au/types-of-scams/dating-romance
  8. http://usmilitary.about.com/od/justicelawlegislation/a/Online-Romance-Scam.htm
  9. http://www.datehookup.com/online-dating-guide/
  10. http://wivb.com/investigative-story/local-woman-loses-50k-in-online-romance-scam/
  11. https://www2.le.ac.uk/departments/media/people/monica-whitty/Whitty_romance_scam_report.pdf

Co-Author

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

Rasa_Infosec-200x300Rasa Juzenaite works as a project manager in an IT legal consultancy firm in Belgium. She has a Master degree in cultural studies with a focus on digital humanities, social media, and digitization. She is interested in the cultural aspects of the current digital environment.

Daniel Dimov
Daniel Dimov

Dr. Daniel Dimov is the founder of Dimov Internet Law Consulting (www.dimov.pro), a legal consultancy based in Belgium. Daniel is a fellow of the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Society (ISOC). He did traineeships with the European Commission (Brussels), European Digital Rights (Brussels), and the Institute for EU and International law “T.M.C. Asser Institute” (The Hague). Daniel received a Ph.D. in law from the Center for Law in the Information Society at Leiden University, the Netherlands. He has a Master's Degree in European law (The Netherlands), a Master's Degree in Bulgarian Law (Bulgaria), and a certificate in Public International Law from The Hague Academy of International law.