While many consider a romantic relationship to be a personal matter and not an organizational issue, few realize that an employee falling for a romance scam can have a direct impact on an organization’s bottom line.
Whether a victim is approached online or in person, the financial consequences of dating scams can be immense for both the employee and the organization. Crimestoppers in the United Kingdom reported that more than £106 million was lost to romance scams in 2024. In the United States, the FBI reported that in 2024, romance scams resulted in losses of more than $670 million. These losses could extend to an organization if the employee is pressured into accessing confidential information or transferring company funds, especially if the victim has already drained their personal finances.
By educating employees about romance scams and their common indicators, organizations can help protect their finances, assets, and employees.
How Romance Scams Develop
Criminals who specialize in romance scams are con artists who use social engineering to manipulate people’s emotions and their desire for love and then take advantage of the victim’s belief that they are in a real relationship.
In a romance scam, criminals target victims with strategic behavior that can be viewed as red flags:
- “Love bombing” the victim. Criminals use flattery, affection, and praise to build trust. They often overwhelm the victim with verbal or written messages, and quickly ramp up the relationship. The victim may feel pressured or encouraged to spend excessively on the supposed loved one, receiving nothing in return.
- Making peremptory requests. The criminal may ask for money, claiming it will be used for an investment, medical care, or travel. They may ask to borrow an employee’s mobile device to add their phone number to the contacts list. Or they may ask the victim to send intimate photos or videos of themselves.
- Appearing to be in sync with the victim. The criminal often molds their interests and opinions to reflect those of their victim. They present themselves as attentive and sincerely interested, seeking detailed insight into the victim’s personal life.
Common Romance Scams
Catfishing
The scammer posts a targeted, fabricated biography and photos on dating apps or social media sites, using this fake identity to manipulate the victim into sending money or revealing confidential or personal information.
Catfishing scams can span weeks, months, or even years. Once the victim grants the first request, this opens the door to additional demands—resulting in deepening emotional and financial consequences for the victim.
Sextortion
People of any age could be targeted in a sextortion (sex + extortion) scam. Victims may be blackmailed with explicit photos or videos that they sent to their “partner.” Alternatively, criminals send an email to the victim claiming that they have hacked the victim’s laptop or phone, and have filmed the person doing personal acts, or they have evidence that the victim visited porn sites. Even if the victim pays the original extorted amount, the criminals sometimes return with additional demands, putting the employee and the organization at risk.
Mobile Device Theft
While many romance scams are conducted online, this romance scam occurs face-to-face. After the criminal strikes up a conversation with the victim, the criminal observes them unlocking their phone. If a passcode is used, the criminal memorizes the code, or if biometrics are used, the criminal finds a reason to borrow the phone and surreptitiously turns off the biometric, forcing the victim to use their passcode, which the criminal memorizes.
Then, the criminal steals the mobile device, types in the passcode, and quickly changes the iCloud or Google Play password—locking the victim out of their account, and preventing them from accessing their information or wiping the phone. This puts not only the person’s information at risk, but also the organization’s.
Awareness Can Protect Employees and the Organization
Organizations should include romance scams in cybersecurity awareness training. By educating employees on how to identify a romance scam, risks to the organization and employees can be reduced.
Encourage employees to follow these tips when meeting someone new, whether online or in person:
- Research potential partners. If the person seems to be too good to be true, be wary. Enter the person’s name, location, and images into a search engine to find out more information, including if the potential love interest has been involved in prior scams.
- Keep in mind that anyone of any age could be targeted. Often, the stereotype of a romance scam victim is an older person. In reality, scammers target people of all ages, using a persona that they think the victim will respond to.
- Be aware of how their public information can be used. The more public information that is available, the easier it is to be targeted. Check the security and privacy settings of all social media to confirm that profiles can only be viewed by trusted contacts and friends.
- Be wary of an unknown person’s overt interest. Respond cautiously if a stranger appears very interested and asks for personal or professional details. Never allow anyone to use or borrow a device with access to work information.
- Pause before responding to requests. Never email or text sensitive personal or professional information (e.g., username, password, banking details) or explicit photos or videos.
- Discuss the situation with another person. If the romantic partner is rushing the relationship or the situation feels “off,” consult a trusted friend or family member. They are more likely to have an unbiased opinion.
Organizations should set up controls to reduce such risks:
- Ensure employees are familiar with reporting channels and key points of contact such as the IT and security teams. This will help ensure that employees contact the correct channel if a security incident needs to be reported. Advise them to immediately report if a laptop or mobile phone with access to corporate data has been lost, stolen, or accessed by an unauthorized person. Review the organization’s policies and procedures regarding lost or stolen devices to reduce the risk of exposure.
- Specify and enforce technical requirements for mobile devices that connect to the network or access corporate data. Implementing mobile device management (MDM) software provides security administrators with threat detection and monitoring abilities while reducing security vulnerabilities. MDM software also provides organizations with remote wiping ability if a device has been lost, stolen, or accessed by an unauthorized person. In addition, establishing an acceptable use policy that requires employees to update their devices regularly is critical to devices remaining secure.
- Implement internal financial controls. Ensure that the employee who initiates a payment is not the one who authorizes it. Having multiple checks and balances will reduce the chance of fraud or irregularities.
Responding to a Romance Scam
Financial fraud and blackmail that result from a romance scam are crimes, and victims should not feel embarrassed or ashamed. People who fall victim to these scams are encouraged to report the crime, as law enforcement may be able to identify the criminal or fraud ring and perhaps bring the scammers to justice. Reporting the crime may also help prevent future scams.
In addition to reporting the scam to law enforcement, employers should encourage employees to follow the recommendations of the FTC, which gives advice that can help people in any country if they were a victim of a romance scam.