Falling for the Fantasy: The Hidden Dangers of Romance Scams

A friend recently shared a story about someone they knew who believed she was in a romantic relationship with Brad Pitt, the actor known for countless roles including Fight Club and Once Upon a Time in Hollywood. Though she had never met him in person, she had sent him money and was confident they would meet soon. Before you dismiss this, remember how easily imposter scams play on our emotions, making us ignore every instinct telling us something’s wrong.

Karen was never one to obsess over celebrities. Like many, she admired actors from a distance, but the idea of a Hollywood star reaching out to her seemed impossible—until one day, a message from an account claiming to be Brad Pitt appeared in her inbox. The famous blockbuster actor seemed to have stumbled across her profile and found her “refreshingly real.” At first, Karen laughed it off. Surely, this couldn’t be real. But as the messages continued, filled with personal anecdotes and voice notes that sounded just like him, her skepticism faded.

Weeks passed, and the relationship deepened. "Jason" opened up about the pressures of his fame, his trust issues, and how hard it was to find someone who liked him for who he truly was. Karen felt special, chosen. After all, why would a star like Brad Pitt need to deceive her?

Then, the ask came. "Brad" confided that he was embroiled in a complex legal dispute over a film contract, with his finances tied up in legal limbo. Apologetically, he asked Karen for help, reassuring her that this was temporary. “You’re the only one I can trust,” he said. “As soon as this is resolved, I’ll fly you out here and we can finally meet.”

Karen hesitated but ultimately wired the money, wanting to support the man she had grown so close to. After all, this was Brad Pitt. He was good for it—right?

It wasn’t until she mentioned her "relationship" to a close friend that reality hit. Her friend showed a YouTube video where Brad Pitt reacted to scams using his name and ran a reverse image search on the photos "Jason" had sent.

Unfortunately, Karen had fallen victim to a classic romance scam. The man she thought was a Hollywood star was, in reality, a fraudster using a fake profile and stolen photos to manipulate her emotions and steal her money. By the time she realized the truth, the scammer had disappeared, leaving Karen heartbroken and significantly out of pocket.

The Psychology Behind Romance Scams

Karen’s story is all too common. In 2023, the FBI’s Internet Crime Complaint Center (IC3) received nearly 18,000 complaints of romance scams, resulting in around $650 million in reported losses. The Federal Trade Commission (FTC) keeps their own data on romance scams. In 2023, romance scams accounted for 64,003 reports and led to the highest financial losses, totaling $1.14 billion, with a median loss of $2,000 per person.

But what makes people like Karen, who are often savvy in other areas of life, fall for such obvious deception?

The answer lies in the psychology of confirmation bias (I knew that undergrad degree would come in handy). This cognitive phenomenon occurs when people seek out information that supports what they want to believe while dismissing facts that contradict it. In Karen’s case, she desperately wanted to believe that she was special—that a Hollywood star had chosen her out of millions. Even though part of her knew that the sudden requests for money and secrecy didn’t add up, confirmation bias clouded her judgment. She interpreted "Brad’s" affection as genuine and ignored the glaring red flags that something wasn’t right.

Scammers exploit this bias by crafting believable stories that align with the victim's hopes and dreams, making it easier for the victim to rationalize even the most suspicious behaviors. It's a cruel manipulation of trust, and once the scammer has embedded themselves in the victim’s emotions, escaping the trap becomes much harder.

Spotting Romance Fraud

While romance scammers can be persuasive, there are telltale signs that can help you spot and avoid falling victim to their schemes.

1. Avoid sharing personal information too soon. Scammers will often try to gather sensitive details, such as your address, financial information, or even intimate photos, which they can later use to manipulate or blackmail you.

2. Don’t send money or gifts to someone you haven’t met in person. This is one of the biggest indicators of a romance scam. No matter how compelling the story might be—whether it’s a medical emergency, a legal issue, or a business problem—never send money to someone you haven’t met face-to-face.

3. Research the person’s profile and photos. A simple reverse image search can reveal whether the photos the person is using have been posted elsewhere under different names. Scammers often use stolen images from other profiles or public sources, so doing a bit of detective work can uncover fake accounts.

4. Be cautious if someone asks you to leave the dating platform quickly. Scammers often push to move conversations off dating apps or websites to private messaging apps or phone calls. This makes it harder for platforms to monitor their behavior and increases the risk of falling into a trap.

5. Slow down and talk to someone you trust. Scammers thrive on urgency and secrecy. If someone you’ve only known online is pushing for rapid progress in the relationship or asks you to keep things quiet, that’s a major red flag. Take a step back and discuss the situation with a trusted friend or family member.

6. Report the scam. If you believe you’ve been targeted by a romance scam, report it to the FTC, the FBI's IC3, local police, and the platform where the scam occurred. Reporting not only helps authorities track down the scammer but also raises awareness and may prevent others from falling victim.

News Roundup

Ukraine Strikes Back

On Oct. 7, Ukrainian military intel teamed up with the "VО Team" to hack Russia’s "Pravosudie" court system, effectively shutting down court websites and email systems. The attack prevented users from filing lawsuits or accessing court schedules, while also exposing personal data and internal documents. The best part? The breach exploited weak links in Russia’s much-touted cybersecurity systems. It’s just one more hit in a string of Ukrainian cyberattacks, including those targeting Russia’s military logistics and troop movements.

Russia Detains More Americans

A Russian court has sentenced 72-year-old American Stephen James Hubbard to nearly seven years in a penal colony for allegedly fighting as a mercenary for Ukraine. Prosecutors claim he served in a defense unit in Izyum before being captured by Russian forces in April 2022. While Hubbard pleaded guilty, his sister insists he held pro-Russian views and wasn’t the type to fight, describing him as a pacifist. Hubbard’s sentencing comes alongside that of another American, ex-marine Robert Gilman, convicted of assaulting a Russian prison officer.

China Spies on Your Phone Company

A group of Chinese government-linked cyber spies have infiltrated several US telecommunications firms, including AT&T, Verizon, and Lumen, in an apparent search for sensitive national security information. Investigators believe the hackers may have accessed wiretap warrant requests, and raises concerns about potential national security risks. US telecom firms, critical to communication infrastructure, hold vast amounts of sensitive data, making them prime targets for foreign intelligence.

Cybercrime Surges to Record Levels

Cybercrime surged in 2023, with over 800,000 cyberattacks globally each year, according to the World Economic Forum. Major incidents included the theft of US State Department emails and a ransomware attack on the UK’s Royal Mail. As digital threats evolve, cybersecurity leaders warn of increased risks due to geopolitical instability. In fact, 91% of business and cyber leaders surveyed believed geopolitical instability could drive a far-reaching cyber event in the next two years.Strengthening cyber resilience is crucial, requiring formal strategies, regular risk assessments, and better incident response. Are you ready?

Check out my recent podcast appearance

Check out my appearance on the Secure Dad Podcast where Andy and I discuss advice for parents navigating the cybersecurity landscape.

Are you protected?

Recently nearly 3 billion records containing all our sensitive data was exposed on the dark web for criminals, fraudsters and scammers to data mine for identity fraud. Was your social security number and birthdate exposed? Identity threat monitoring is now a must to protect yourself? Use this link to get up to 60% off of Aura’s threat monitoring service.

Have any questions about cybersecurity or a topic you’d like me to cover? Reply to this email or comment on the web version, and I’ll include your question in next month’s issue! Let me know which of the weird stories is your favorite.

Thank you for subscribing to Spies, Lies and Cybercrime. Please comment and share the newsletter. Together we can make the world safe from cyberattacks, especially if they seem to come from a celebrity.

Warmest,
Eric

Let's make sure my emails land straight in your inbox.

Gmail users: Move this email to your primary inbox

On your phone? Hit the 3 dots at top right corner, click "Move to" then "Primary."

On desktop? Close this email then drag and drop this email into the "Primary" tab near the top left of your screen

Apple mail users: Tap on our email address at the top of this email (next to "From:" on mobile) and click “Add to VIPs”

For everyone else: follow these instructions