Romance fraud and your business

Romance fraud is an old-fashioned confidence trick with a new lease of life, and it’s very simple: gain the confidence of someone, so that they trust you, and then take them for everything they’ve got.

These days, romance scams often take place online, either on dating sites or via a social network site. The con artist, using a fake profile, cultivates a (fake) romantic relationship with his or her victim, and after a while asks for money from their victim, who willingly—and often repeatedly—pays whatever is asked of them (money for loans, hospital treatment, bail, travel expenses and so on) for their beloved.

While this typically involves a romantic relationship—hence the name—it doesn’t have to be a romantic one: it could be an apparently strong relationship based on common interests, whether personal or business. The point, from the scammer’s point of view, is to gain the complete trust of their victim, so that they will willingly share whatever assets they have access to, or perhaps invest in the scammers ‘business’.

This kind of psychological manipulation can happen to anyone—including your staff—and it can be devastating when that person finds out they’ve been scammed, particularly by someone they trusted.

There is an additional risk to your business: a skilled con artist may be able to persuade their victim to take money from your business to give to them, or to share sensitive information about your business and/or your customers, leading to further cyber-crimes.

The victim may share this kind of information willingly—perhaps to please or impress their beloved—or they may be being blackmailed into doing it. Whatever the reason, they are now an insider threat to your business as well as being a victim.

The things to watch out for in your staff, include:

Unusual behaviour or personality changes
A decline in work performance, or becoming unreliable
Appearing stressed, defensive or confrontational
Avoiding taking holidays
Accessing data that isn’t part of their job, or downloading a lot of data
Logging in at odd times, or failing to follow security policies.

What can you do?

There are steps you can take to protect both your business and your staff from this kind of attack.

Talk to your employees about the warning signs of a romance scammer:
- They don’t want to meet up in real life (usually they claim to be abroad, perhaps in the military, or working on an oil rig)
- They avoid video calls
- Their profile pictures are unusually attractive
- They appear to be a perfect match, and get deeply involved very early
- They want you to move to a different platform or app as soon as possible
- They ask for a lot of information about you; but don’t reveal much about themselves
- Their story doesn’t quite add up—something seems off. Trust your instincts, and tell a family member or someone you trust about your new relationship
- They ask for small sums of money initially, and then escalate—perhaps for a medical emergency, or because they are in danger and need money to escape a situation
- They want you to send money using cryptocurrency or gift cards, or by wiring money, or to receive a package.
Show employees how to do a reverse image search (try tineye.com), and suggest they routinely search for names and email accounts online. This might sound stalkerish, but will help protect them: if it becomes the norm to check up on someone, then people are more likely to do it if they sense even the smallest of red flags.
Protect your business by making sure that an employee who can authorise payments is not the same person as the one who initiates it—and that bank statements are checked by a third party. This is known as ‘separation of duties’, and should reduce the risk of unauthorised payments to the scammer.
You can also protect your business by making sure that everyone takes holidays—at least two weeks—so that any suspicious activities come to light when someone else is doing that work. Cross-training, and job-rotation can also improve morale by providing opportunities for development and promotion.

Would you like more cyber security advice and information? You can subscribe to our newsletter here or contact us for a chat about the security issues that are worrying you. Find out more about how Click and Protect can help.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

What can you do?

You might also be interested in: