As if creepy suitors and heartache weren’t enough to contend with on Valentine’s Day, scammers are expected to be out in full force, preying on the vulnerable.
Romance scams topped 21,000 in number – with $143 million racked up in losses – in 2018, according to a report from the Federal Trade Commission (FTC).
“Given the emotions, it is no surprise that romance scam losses, averaging $2,600 each, are seven times greater than most other frauds,” said Anupam Sahai, vice president of product management at Cavirin.
While cybercriminals are known for “technological tricks and an attacker’s ability to bypass and evade security controls,” Chris Morales, head of security analytics at Vectra, said “social engineering tricks that manipulate the human psyche through emotions” are used just as commonly.
“Which is why cybercriminals have caught on. Holidays like Valentine’s Day are a particular focal point for social engineering tricks as people tend to have elevated emotions,” said Morales. “As many people feel particularly lonely on this day, any kind of attention would be comforting. It is unfortunate that many online predators would manipulate strong emotions to influence people into performing acts such as sending a financial transaction to someone whom they have never met.”
Mounting a defense “against technology-based attacks like malware necessitates the use of technology controls, but defending against social engineering becomes a mental game,” he said.
Nathan Wenzler, senior director of cybersecurity at Moss Adams, called romance scams “very targeted social engineering attacks, effectively ‘hacking’ the victim’s emotions, rather than trying to perform a technical assault.”
Armed with personal data gleaned from breaches, “it becomes much easier to have conversations that may interest the victim, build trust and ultimately pose a request for money that appeals to some aspect of their personal life that the attacker has discerned from their cache of the victim’s information,” Wenzler said. “Because of how personalized and detailed these attacks can be, it’s important that you always take things slowly and be very mindful of any potential online romance, especially if they start asking for money.”
Terence Jackson, CISO at Thycotic, had a more poetic take. “Roses are red, violets are blue and the romance scammers are looking for YOU! Another holiday. Another scam. If you don’t know who the mark is, it’s most likely you,” he said, adding that “phishing is still the attacker’s weapon of choice and there will be no shortage of well-crafted emails and messages designed to emotionally engage you and prevent you from making rational decisions.”
To spurn scammers, Jackson recommended taking the following steps:
1. Follow your gut! If it sounds too good to be true, it usually is.
2. Stay clear of stories that pull at your heart strings from unsolicited sources or strangers that are requesting money.
3. Never share usernames, passwords, bank account numbers or credit card numbers with strangers.
4. Use common sense. That Romeo or Juliet is more likely a scammer than your soul mate.
5. If the request is from someone familiar, call them to verify the request. Don’t just take a social media message at face value.
6. If your new “love” is on a dating app and one of the first requests is for money, run like the wind!