Love, Lies, and Cybercrime: Romance Scams This Valentine’s Day

February 14, 2024

Valentine’s Day is a great time to celebrate love whether you are in a relationship or single – most people celebrate the day in some way be it with date night or a girls or guys night out. Like most things, there can even be a dark side to Valentine’s Day – while many celebrate romance, others are taking advantage of those wanting to feel loved or special by someone. The FBI’s Internet Complaint Center (IC3) reported in 2022 there were 19,000 complaints relating to Romance Scams with reported losses of at least $739 Million. The Federal Trade Commission reports even more staggering numbers. According to the FTC, nearly 70,000 people reported a romance scam in 2022, totaling $1.3 billion in losses – a median reported loss of $4,400.

A Romance scam, also known as confidence scams or pig butchering, is the targeting of an individual, usually through a fake online profile on a dating site or social media, convincing them to believe they are in a relationship. The goal of  the actor is to steal money from the target. According to the FBI “most commonly, the perpetrators are men targeting women over 40 who are divorced, widowed, elderly, or disabled.  The scam usually starts with an “innocent” contact online and builds from there. Romance scammers often use well-rehearsed scripts which have been previously used successfully.” Last year, DarkOwl analysts highlighted some of these scripts found on the darknet being circulated by romance scammers.

Romance scammers are no different than other scammers – they don’t miss a beat and get to know their victim before taking full advantage of them. According to the FTC, there are frequent sayings and stories that these scammers use and follow to garner the most sympathy and make a seemingly genuine connection with their victim.

Just two days ago, DarkOwl analysts observed users of a Discord channel discussing the potential of romance scams, claiming that this scam is likely more popular around the holiday. Thankfully, romance scams have garnered more attention in recent years and law enforcement and news sources are highlighting the potential threat.

Romance scams are commonly discussed on the dark web. Last year, we explored this topic for the first time and it continues to be one of our top blogs. This year, we make researching romance scams a yearly tradition around Valentine’s Day as we explore some of the recent activities relating to these scams.

Leading up to this year’s Valentine’s Day, DarkOwl analysts observed the popular darknet forum Exploit being used to discuss the best way to target individuals through dating apps. The user claimed to have over 3,000 contacts over the age of 20 and wanted to know how he could best exploit this. The majority of responses to this post recommend that the original poster conduct romance scams in order to make money by pretending to be romantically interested and asking for money. They also recommend specific sites to get the best outcome as well as ways to receive the cash.  

People also seek data relating to individuals who have been a victim of these scams, although it is unclear what it will be used for – possibly to re-victimize as they have been deemed easy targets at least once prior.

The Flip Side

However, the dark web also highlights the impact that these scams can have on individuals. A forum which is used for communications between individuals with suicidal thoughts was used by one victim to highlight the impact a romance scam had had on them.  

In a Discord channel, a victim shares how they were a victim of romance scam that lead to her giving her scammer money and how she was able to go to the Internet Crime Complaint Center and file a report in order to get her money back – and it was recovered! She also claims that when looking for other recovery services, many offered help for a fee. Great warning that when filing any sort of scam or fraud complaint, to always work with the IC3.

Victims Fight Back!

In the screenshots below, perpetrators are targeted – victims who took offense to the scams conducted by these individuals shared all of their information through a dox. A dox (also doxx) is a detailed public record of someone’s identity. To ‘dox’ someone is to publish private information about that person – as a form of public shame and generated to enact revenge on the company or person for some perceived wrongdoing.

Another example shows an angry victim of ewhoring releasing the information of their scammer after finding out that she was also cheating on him. He leaks information including basic demographic information and calls others to “spam her with pics” to her Snapchat and Discord, which they have provided as well.

An emerging extension of romance scams has been E-Whoring, this is the practice of trading and selling nude images of other people. The intent is to sell the images to make money or impersonate the women in the images to conduct other attacks.

As we know, threat actors take great pride in proving themselves by sharing their knowledge, tips and tricks with others as a way to build up their reputation and standing out within the threat actor community. DarkOwl analysts observed many sharing, some for free and some for sale, guides and ebooks covering how to get involved in e-whoring and romance scams.

The example below is a posting on a darknet forum where the threat actor is selling his ebook in which he claims to teach how to “easily make up to $800+ a week” and to “master the method explained in no time.” He claims to be a “superb eWhore” and be a professional social engineer.

The ebook table of contents shows just how in-depth the author goes – covering everything from the very basics to the detailed specifics of how to really make a full business out of e-whoring. This is a very detailed guide and shows the steps that some of these more dedicated threat actors take to e-whore – setting up a website, making a fake ID, etc. These activities also clearly overlap with other crime that we see on the darknet and in illicit marketplaces.

Further on in the ebook guide, the author even shares some tips and tricks on how to act with their victims and what a woman would say versus a man when texting or communicating, teaching his trainees how to be believable.

Here we see another example of a guide to go from “beginner to pro” for e-whoring.

In addition, perpetrators will use the dark web in order to sell “nude packs.” Telegram is also a popular vector to sell this data with packs being sold for as little as 15 Euros.  

As long as the romance scam industry is profitable, darknet actors will continue to innovate, and we will see scammers taking advantage of innocents looking for someone special – especially around Valentine’s Day. As with conducting any activity on the internet, it is always important to remain vigilant to scams, whether that be romance scams or not.

When finding love online, always make sure a friend or family members knows you are talking to someone, always require seeing that person face to face, in person is always better (in a public place!), and never give someone money unless you are 100% positive they are who they say they are have verified their story. Be wary of anyone that makes excuses as to why they cannot meet in person or video chat, and always reverse-search images from their dating or social media profile – most romance scammers will be using someone else’s photos from online. As AI continues to make its way into everyday life, it will be interesting to see how romance scams evolve for next year’s research!

We wish all our readers a very happy Valentine’s Day!

Curious how darknet data applies to your use case? Contact us.

See why DarkOwl is the Leader in Darknet Data

Copyright © 2024 DarkOwl, LLC All rights reserved.
Privacy Policy
DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.