Some 25 years ago, this now iconic cartoon appeared in the New Yorker and quickly became synonymous with the perils of online communication.
Anyone who has filled out a dating questionnaire, or swiped right to find a date, understands to some degree that the person they are chatting with may not be whom they appear to be. In most cases, it’s harmless enough—their profile picture might be from a different era or perhaps their profile relationship status does not reflect their actual marital status.
As disappointing as that might be when you venture out to meet a stranger from the Internet for the first time, it could actually be a lot worse.
The Rise of Romance Scams
Romance scams are hardly new. In the early 1980’s, a man named Don Lowry conned 30,000 men out of almost $5 million dollars via a ‘Lonely Hearts’ pen-pal club in which men would receive love letters for a small fee. Fast forward a few decades, and these scams have proliferated online and grown in sophistication.
These days, the most common romance scams are but a variation of this age-old scam. Anyone with an email address has likely been on the receiving end of an unsolicited request for friendship from a stranger in a strange land. But that’s just the tip of the romance scam iceberg.
Criminals have since come to recognize that online dating communities represent a trove of valuable personally identifiable information. They have also become more organized, and approach these scams like a disciplined business, with one tier of their ring sending out thousands of phishing e-mails, and then routing responses to specialists who might spend several months corresponding with a vulnerable ‘mark’. Or, they might create fake dating profiles to extract personal information from unsuspecting individuals – think of all the knowledge-based authentication questions you are asked in order to identify yourself when attempting to log-in to an account. And then think how easily someone might be able to procure that information simply by chatting through an online dating app.
According to eHarmony, one of the most recognized brands in online dating, some 40 million Americans have used online dating sites to find a date. So it’s little wonder that fraudsters have taken note. In fact, researchers at the Netcraft security blog, discovered evidence of some 862 phishing scripts planted on online dating sites – only eight of which targeted banks.
As the researchers note, “online dating fraud is often orchestrated by criminal gangs who use fake profiles to trick victims into developing long distance relationships…. The amount of money involved in these scams can be considerable. In 2011, a woman in Britain was tricked into sending more than $59,000 to a pair of fraudsters who pretended to have inherited millions of dollars from a military friend in Nigeria. The fraudsters - who were actually a mother and daughter in America - managed to net more than a million dollars before being jailed in 2013.”
So what does iovation’s data from aggregated from our online dating customers tell us about the prevalence of romance scams? Looking at hundreds of millions of transactions from these customers over the past two years, we noticed some alarming trends:
The chart shows four different evidence types that online dating customers report back to the community. Each of these evidence types are strong indicators of either an individual or an organized ring attempting to create fraudulent dating profiles. As the data shows, 2017 witnessed a two to three times increase in ‘identity mining/phishing attempts’, ‘spam’ and ‘scammers/solicitation’ fraud reports over 2016. But what really jumps out is that last category: “Profile Misrepresentation” which skyrocketed from 21,500 reports in 2016 to 1,650,000 confirmed reports in 2017, representing a total increase of more than 7,500%.
It’s also worth noting that the volume of transactions with evidence increased 40% from 5.4M in 2016 to 7.6M in 2017 so of the four evidence types outlined above as being ‘indicators’ of romance fraud, in 2016 roughly 56% of the total evidence placed was represented by those four types while in 2017, almost 86% of evidence placed was comprised of those four types.
So what accounts for this marked increase across all of four categories? It could be that 2017 was the year that fraudsters concentrated their efforts on these communities. However, it could also be due to the fact that iovation’s customers have vastly improved their ability to recognize and “categorize these fraud attempts. Either way, it’s clear that so long as dating sites grow in popularity, fraudsters will continue to seek opportunities to exploit them.
While dating sites have gotten more sophisticated in responding to fraudulent dating profiles, it will remain an issue until consumers are better educated about safeguarding their privacy, and get smarter about spotting signs of fraudulent behavior. To help this education, we created an infographic that highlights these issues, and we encourage you to share with their friends and colleagues.
About Scott Waddell
Scott began his career in information security as a charter member of the Air Force Information Warfare Center, pioneering tools and techniques for automated vulnerability assessment and incident response. He is an innovative technologist and executive with more than 20 years of hands-on leadership experience.