Also during corona times – or maybe especially during corona times – I see a lot of news about social engineering and phishing. The news shows that WhatsApp-fraud is making a lot of victims. I also see that when a company gets hit by a cyber incident, that the attackers regularly come in via a malicious email. How this makes the human the weakest link in the cyber security chain, is something that has always fascinated me, and therefore I decided to work on this topic during my final thesis project. In this blog I will tell you about my research looking at possibilities to stop online romance scams which was conducted at the University of Twente under the supervision of Roeland Kegel, Mannes Poel and Marianne Junger.

What is the online romance scam?

The online romance scam is a relatively new scam, which can be related to the rising of the internet and online dating services. In this scam a scammer creates a fake online identity and together with a fake image, often stolen from the internet, he starts searching for potential victims on dating sites and social media.

After the first connection with a potential victim has been made, the scammer quickly tries to develop a romantic relationship. It can take weeks, or even months until the victim starts believing (s)he is in an actual relationship with someone (s)he met via the internet and falls in love. At this point the scammer will make a request to borrow some money. Supposedly to pay a visit to the victim or because a family member is ill and, although there is money, the scammer cannot access it at that point in time. Of course, the money needs to be transferred in an untraceable way, such as Western Union.

After a payment has been made, more requests for money will come, until the victim realises that the relationship is not real and (s)he is being scammed. The numbers of the Dutch Fraudehelpdesk show that this scam is quite successful: in 2017 a total damage of € 1,5 million was reported in the Netherlands. The annually reported damage has only increased since.
However, the financial damage is not what causes the biggest impact on the victims: they experience the loss of what they believed to be a true romantic relationship as more traumatising.

Measures against the online romance scam

A lot of research has been done looking at measures to stop online romance scams. Laws have not proven to be efficient as scammers often operate from abroad, making it hard to track them down and prosecute them. Awareness campaigns are not effective either, as knowledge about this kind of scam does not necessarily prevent people from being victimised. On top of that, the effect of such campaigns usually only lasts a few weeks.

At this moment the most effective way to check for scammers is to use reverse image search engines such as TinEye and Google Image search. However, an average user will use reverse image search only if (s)he suspects (s)he’s being scammed, which is exactly the problem.

Therefore, I looked at the possibilities to automate the detection of the online romance scam as part of my final thesis project. This is done by looking up the occurrence of the image, of the person you are dating, on the internet and looking on what kind of pages the image occurs. Using machine learning an advice is given on how likely it is that a dating profile is real or fake. My conclusion was that this solution is technically possible. However, the solution should be developed further before deployment. Furthermore, we should also think about the impact of such an algorithm. In particular when the advice of the algorithm is wrong: If the algorithm tells someone that the person (s)he is dating can be trusted, although it is actually a scammer, the likelihood of being scammed will most likely increase enormously. On the other hand, if the algorithm tells you the person you are dating is a scammer, although this is not the case, you might end what could become a potential long lasting romantic relationship, with all the consequences for both lovers as a result.

What you can do yourself

As with all examples of social engineering and phishing I would say: use common sense. However, this is easier said then done, as scammers are well aware of how to manipulate you in such a way that you will fall victim to their scam. So, what you should do: if the person you are dating with lives close by, a physical meeting might be the easiest (and hopefully the most fun option, even at a 1,5m distance). If the person lives further away, use a reverse image search engine anyway, whether you are in doubt about the intentions of the other person or not. A video call is also an option but be aware that this can be manipulated as well nowadays. And if you do not believe me on this, look at this video from BBC or this demo of the American company Pinscreen.