Romance scams remain the most successful fraud strategy for cybercrooks, and represents a growing sector, according to the Federal Trade Commission. Last year, romance schemes accounted for a record $304 million raked into illicit coffers, according to new data – up about 50 percent from 2019.
These gambits typically start with a an online connection that turns into daily communications; the scammer hones a relationship with the target from afar before eventually asking for money. A besotted target then sends funds in the form of a gift card (this payment type was up 80 percent in 2020, the FTC found) or a wire transfer.
“Sooner or later, these scammers always ask for money,” the FTC said in a notice last week. “They might say it’s for a phone card to keep chatting. Or they might claim it’s for a medical emergency, with COVID-19 often sprinkled into their tales of woe. The stories are endless, and can create a sense of urgency that pushes people to send money over and over again.”
Romance scams have flourished during the COVID-19 pandemic, thanks to a widening pool of targets, the FTC said. More people are turning to virtual ways of connecting, and are using social media and online dating apps more.
“Scammers fabricate attractive online profiles to draw people in, often lifting pictures from the web and using made up names,” according to the FTC. “Some go a step further and assume the identities of real people. Once they make online contact, they make up reasons not to meet in person. The pandemic has both made that easier and inspired new twists to their stories, with many people reporting that their so-called suitor claimed to be unable to travel because of the pandemic. Some scammers have reportedly even canceled first date plans due to a supposed positive COVID-19 test.”
Interestingly, another aspect of romance fraud involves victims being unwittingly used for money laundering.
“People believe their new partner has actually sent them a large sum of money,” according to the notice. “Scammers claim to have sent money for a cooked-up reason, and then have a detailed story about why the money needs to be sent back to them or on to someone else. People think they’re helping someone they care about, but they may actually be laundering stolen funds. In fact, many reported that the money they received and forwarded on turned out to be stolen unemployment benefits.”
In 2020, the median dollar loss for individual victims was around $2,500, which is more than 10 times the median loss across all other fraud types, the FTC said. That’s the highest losses have ever been, according to the FTC, but romance fraud has been on the rise for a while., From 2016 to 2020, total dollar losses increased more than fourfold, and the number of reports to the FTC nearly tripled.
The losses vary by age group, however. According to the FTC, people ages 20 to 29 saw the largest increase in targeting, with the number of reports more than doubling since 2019. People ages 40 to 69 were the most likely to report losing money however. And people 70 and older reported the highest individual median losses at $9,475.
Romance is a popular theme for cybercrime in general. Ahead of Valentine’s Day, a campaign using fake “recent order” email confirmations for flowers or lingerie began circulating. These emails are actually part of a spear-phishing attack, which ultimately leads recipients to a malicious document that executes the BazaLoader malware.
Is your small- to medium-sized business an easy mark for attackers?
Threatpost WEBINAR: Save your spot for “15 Cybersecurity Gaffes SMBs Make,” a FREE Threatpost webinar on Feb. 24 at 2 p.m. ET. Cybercriminals count on you making these mistakes, but our experts will help you lock down your small- to mid-sized business like it was a Fortune 100. Register NOW for this LIVE webinar on Wed., Feb. 24.