Could your Valentine be a scammer? How to avoid getting caught in a bad romance

Next story

Online dating has revolutionized how people connect and find love. Now, any of us can flick through an online catalog of potential love interests in the palm of their hands – no more terrible chat-up lines at bars or being set up at awkward ‘friend-of-a-friend’ double dates.

No fewer than 350 million people used dating apps in 2022. Besides being an easy way to share your dating profile with others, however, these apps also open up a host of opportunities for scammers and hackers to exploit unsuspecting singletons. The popularity of dating apps and social media has made it easier than ever for fake suitors to find and trick their marks out of money.

The scenario where instead of finding love the lonely hearts end up with financial and emotional loss is more common than you might think. A report from the United States’ Federal Trade Commission has found that romance scams cost nearly 70,000 people a staggering $1.3 billion in 2022. This still doesn’t paint the whole picture, however, as many victims of dating scams are too embarrassed to come forward.

Compounding things further, many victims of romance fraud have also become unwitting money mules. As shown by the cross between romance and crypto scams known as pig butchering fraud (as well as by sugar daddy scams), fraudsters constantly add new ingredients to tried-and-tested recipes. And in yet another twist on dating fraud, scammers are increasingly eager to co-opt generative AI tools as a wingman to make their ruses more convincing, including to pretend to be someone like Kevin Costner.

So if you go online in search of a love connection (but AI companionship isn’t really your thing), what can you do to protect yourself from matches you mistakenly believe to be the love of your life? How do romance scammers and other threats lurking on dating apps work?

  1. Catfishing: Creating false identities

Jake Moore video embedded: https://www.youtube.com/watch?v=wmgBcDwH55U

One of the most prevalent tactics used by scammers on dating apps is catfishing – creating fake profiles with the intent to deceive their match into thinking that they are somebody else. These scammers often use stolen or stock photos and fabricated personal information to lure in unsuspecting victims. There are many websites that use AI image generation to create photos of real-looking people (who, as you may have guessed, don’t exist) that scammers can use to create a realistic persona online.

The scammer would then use this persona to connect with and message unsuspecting profiles and filter out viable targets. Once they have determined if their pen pal is able to give them what they want, they will go to great lengths to build trust and mislead them into thinking that they are in a genuine relationship. 

From that foundation of trust, the scammer can then exploit the victim financially, using made-up stories of personal crises and fake emergencies with requests for money. The poor loved-up victim may go on to transfer money, buy them gifts or even book travel in the hopes of supporting their ‘partner’ and making their dreams of true romance a reality.

And don’t be fooled, criminals do their research and can appear to be as authentic as every other profile on the market. They may go on social media to find out more about their target’s hobbies, beliefs, and habits, using this information to give the illusion of common interests, helping to create an even stronger bond. This bond then gives them more power for emotional manipulation.

How can you protect yourself from catfishers?

It sounds simple, but when you’re lost in the realms of romance, it might not be your first thought to make sure the person you’re talking to is real. Whether that’s doing a bit of social media checking, meeting in person, asking questions that require specific knowledge, or asking for proof of identity – all of these things will give you that reassurance that tanned Caroline from Ohio really is tanned Caroline from Ohio, and not mousy Clive from Seattle.

Happy they are who they say they are? Always be suspicious if they ask for money, favors or valuable information. They might be real people, but their intentions might not be. Far too commonly, online daters have fallen for fake sob stories that their online crush needs money to help pay for the medical bills of their sick relative, their fledgling business isn’t going as well as they hoped, or that they should take advantage of a once-in-a-lifetime investment opportunity.

 

  1. Phishing attacks and malware distribution

As an online platform, dating apps offer an easy gateway for phishing attacks and malware distribution. Criminals may create profiles and send seemingly innocent messages with malicious links or attachments, tricking hopeful singletons into clicking on them. They can use bots to do this on a mass level and once clicked, these links lead to the installation of malware on the victim's device. Once malware is installed, any personal information or data stored on the device is compromised, massively increasing the risk of identity theft and credit card fraud.

How can you protect yourself?

In the early stages of a conversation, before you have got to know a little bit more about your match, don’t open or click on any links they send. Even if it seems to be a harmless link to a raved-about restaurant you mention in your profile, scammers can be creative with their domain names to make the links seem even more tempting and authentic. Wait a while until you can be sure that you trust your match before exploring sharing links and exploring the realms of the internet together.

  1. Data collection for blackmail

Online dating platforms store a whole load of personal information, making them attractive targets for hackers. A journalist from the Guardian found out that through her Tinder profile, the app collected around 800 pages worth of data about her, including likes, interests, photos, friends, and romantic preferences.

Scammers may employ tactics such as data mining to extract these sensitive details from peoples' profiles. Also, incidents where such information is found exposed to the public aren’t unheard of, either – for example, 260,000 people had their images and private chat logs exposed after a publicly accessible database for a dating app was found to be exposed to the public last year.

How can you protect yourself?

These days, it’s often a trade-off. Many apps require access to some of your data to provide you with the required functionality and experience. However, it’s important to be aware of what data is being collected and how it is being used. Consider staying away from apps that don’t allow you to opt out of sharing data with third parties.

Additionally, be aware that once you put the information out there, there’s not a lot that can be done. So the best thing to do is just be careful what you do share online. Don’t post or delete anything that could be used against you (those cringe videos that you took at a friend’s stag in Vegas may come back to haunt you in different ways than you might think).

This can take an even uglier twist (and end up being a massive pay day for the scammer) if you give in to the temptation to send your racy photos or videos to your love interest. This happens especially to younger people and often starts by the bogus suitor sharing “their own” explicit photos and asking for similar photos of their marks in return. If you oblige, the blackmail begins – the fraudster will threaten to share the material with your social media contacts unless you pay up or send more compromising pictures or videos.

To avoid sextortion, do not ever hand over pictures you would be embarrassed to see published online. By the same token, don’t share sexual images or pose nude on webcam.

  1. Location-based threats

Many dating apps use location-based services to connect with other hopeful singletons nearby. While this feature makes it easier for people to find potential matches nearby, it also opens the door for potential threats. Hackers can exploit location data to track and target individuals, leading to real-world safety concerns.

How can you protect yourself?

Okay, let’s assume you don’t want to turn off location services on your online dating journey because you want to match with someone just down the road, not on the other side of the world. A compromise could be to disable location services when you’re not actively swiping or scrolling through matches. Doing this removes that extra bit of vulnerability that makes you a more attractive target for ill-intentioned netizens, when you should really just be focusing on being a more attractive target for romance. 

Conclusion

As the popularity of online dating continues to grow (predicted to have over 450 million users by 2028), so does the risk of becoming a target of scams and hacks. For those navigating their way around the online dating world, suspicious links and uncertainty over your match’s true identity should be at the top of your list of red flags (maybe even above ‘doesn’t like dogs’).

If anything seems out of the ordinary, or ‘not-quite-right’, report your match immediately and block them. But it’s not all doom and gloom, with over 70% of those online dating reporting to have found a romantic relationship, it is clear online dating can be extremely successful! So, we should all work together to make the platforms as safe and enjoyable as possible. Who knows, your true love might only be one swipe away… 

 

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit www.eset.com or follow us on  FacebookYouTube and Twitter.