A 20% spike in bank transfer “romance” cyber fraud over the course of 2020 reflects the growing isolation and frustration felt by many people during lockdown, according to report from UK Finance, which is warning the public to keep an eye out for such scams around Valentine’s Day.
Typical scams involve targets being duped into handing over money to cyber criminals who often go to extreme lengths to convince their victim’s that they are in a genuine, long-distance relationship, using social engineering techniques to manipulate them.
With figures from the Online Dating Association suggesting 2.3 million UK citizens used dating apps during lockdown, it is perhaps unsurprising that enterprising cyber criminals have coalesced around dating apps and services; a total of £18.5m is thought to have been lost to bank transfer fraud last year, with the average loss per victim booked at £7,850.
More widely, Action Fraud estimates £68m has been lost to these scams, through money transfers, gift cards and vouchers, high-value goods, and in some cases scammers being given direct access to their mark’s bank account or credit cards.
Katy Worobec, managing director of economic crime at UK Finance, said: “With the rising use of online dating service users during lockdown, criminals are using clever tactics to exploit people who think they’ve met their perfect partner online.
“Romance scams can leave customers out of love and out of pocket, but there are steps people can take to keep themselves or their family and friends safe – both on and offline.
“People can help their loved ones spot the signs of a scam, particularly as romance scammers can be very convincing by forming an emotional attachment with their victims.”
Pauline Smith, head of Action Fraud, added: “Last year, we sadly saw criminals exploit the coronavirus pandemic as a means to commit fraud, and romance fraud was no exception. The national lockdowns, and other restrictions on our social lives, implemented because of the coronavirus outbreak, have meant more people have been seeking companionship online and this has undoubtedly affected the number of reports we have seen.
“It’s important to say that most online dating sites, social media sites and gaming apps are perfectly safe. However, any online platform that allows you to connect with and talk to other people could be targeted by romance fraudsters so it’s important to remain vigilant,” she said.
Ahead of 14 February, UK Finance is urging people to be vigilant, both over their own online activities, and those of family and friends, and importantly, to have the confidence to report if they have fallen victim to fraudsters, as help is available from Action Fraud on 0300 123 2040 or at actionfraud.police.uk. People in Scotland should report to Police Scotland on 101.
Users of dating apps should be suspicious of any requests from somebody they have never met physically, and be alert to fake profiles and photos – a reverse image search can easily identify a cyber criminal using a stock image or a photo lifted from someone else, instructions on how to perform one can be found here.
In particular, if you have not met someone in person, you should under no circumstances send them any money, allow them access to your bank account, transfer money on their behalf or take out a loan for them, provide copies of personal documents such as passports, invest your own money on their advice or behalf, purchase and send the codes on gift cards, or agree to receive or send items on their behalf.
Anybody who is concerned that a friend or relative may be being victimised can watch out for several warning signs, including being secretive and evasiveness about their relationship, investing unusually strong emotions in someone they seem to have only just met, or making plans to take out loans or withdraw funds from their bank or pension to send money.
Valentine’s Day scams
The impact of romance fraud also goes far beyond the consumer sphere to affect businesses as well, particularly during lockdown, as Simon Mullis, EMEA technical director at security firm Tanium, explained.
“As Valentine’s Day scams are likely to target personal email accounts, businesses should ensure they have visibility of what devices are being connected to a corporate network by staff,” he said.
“This can be a costly blind spot for organisations, but if they’re able to detect any successful phishing attack’s entry point and see how much of a system has been affected, quick action can be taken to fix the issue.
“The fact is, huge numbers of people are working from home and some malware families allow the bad guys to jump from host to host in the same network, which means that even personal computers in a shared home network could pose a threat to and be a ‘way in’ to corporate assets,” said Mullis.