What Is a Romance Scam?
Romance scams aren’t new, but they’re evolving rapidly. If you spend time on social media, chances are you’ve encountered bot accounts, with friend requests or messages that feel a little “off” or maybe too good to be true. So what’s the deal with these accounts, and how are cyber criminals actually profiting from them?
A romance scam occurs when a bad actor creates a fake online identity to form an emotional relationship with a victim and then exploits that trust for financial gain, access to accounts, or sensitive information. The scammer’s strategy is simple: they focus on building trust first and then using it to achieve their goal.
Why Romance Scams Are So Effective
Romance scams work because they bypass technical defenses and target something far more vulnerable: human emotion. Today’s romance scams often combine emotional manipulation with emerging technologies like AI-generated images, voice cloning, and deepfake video, making them far harder to detect than scams of the past.
This shift isn’t theoretical, it’s already happening in the real world. In one widely reported case, a Michigan woman named Beth Hyland believed she had found the love of her life through Tinder, only to be persuaded by a scammer using deepfake videos on Skype. Over the course of months, she took out loans and sent thousands of dollars to the scammer before realizing the relationship was entirely fabricated.
In a separate but even more extreme example, scammers used AI‑generated video and messaging to impersonate a celebrity to convince a Southern California woman that she was romantically involved with an actor. The scammers’ deepfake content was so convincing that she first sent more than $80,000 and eventually sold her family condo to continue funding what she believed was a real relationship.
Common Red Flags to Watch For
While every situation is different, these warning signs appear repeatedly in romance scams:
The Business Impact No One Talks About
Romance scams don’t just affect individuals. Victims may unknowingly share work email credentials, transfer company funds, download malware disguised as “photos” or “documents,” or use corporate devices for compromised communications. In some cases, these scams serve as an entry point for larger attacks, including business email compromise (BEC), ransomware, or data theft, creating risks that extend far beyond personal loss.
How to Protect Yourself (and Your Organization)
Romance scams can’t be stopped by software alone, but layered defenses can make a significant difference. For individuals, it’s important to verify identities independently, avoid sending money or credentials to someone you haven’t met, be cautious with personal details shared online, and consult a trusted third party if something feels off. Organizations can support this by providing security awareness training that includes social engineering and romance scams, enforcing multi-factor authentication on email and financial systems, limiting financial authority with required secondary approvals, and fostering a culture where employees feel safe reporting concerns early.
If You Think You’re Being Targeted
If you suspect a romance scam, stop communication immediately and do not send money or sensitive information. Preserve any messages or transaction records and report the activity to the platform and relevant authorities. Acting quickly can help limit the damage, both financially and emotionally.