Skip to content

Romance Scams vs Fraud Kill Chain

06 March 2024

This blog is part of a series, where we will offer the tools to check your fraud detection capabilities for readiness on the most prolific fraud and scam types.

From Malware campaigns to scams, we’ll analyse TTPs, Fraud Kill Chain mappings, and detection gaps. 

This second episode is about one of the most impactful scams for victims: Romance Scams  

The Problem 

Romance scams require the scammer to invest quite some time with the victim. A typical interaction has these steps:

  • Baiting: The scammer creates an attractive profile on a dating app or website, using fake photos and personal information. They may also target specific groups or interests that match the victim’s preferences. They will ask a victim to communicate via private channels (such as Whatsapp)
  • Grooming: The scammer establishes a rapport with the victim, expressing interest, affection, and commitment. They may also send gifts to win the victim’s trust. They communicate frequently and consistently using phone calls, texts, or emails.
  • Creating crises: The scammer invents a problem or emergency that requires money, such as a medical issue, a travel mishap, a legal trouble, or a business opportunity. They ask the victim to send money, usually through a wire transfer, a prepaid card, or a gift card. They may also ask for personal or financial information, such as bank account details, passwords, or identification documents.
  • Manipulating or blackmail: The scammer may threaten to expose the victim’s intimate photos, videos, or messages, or harm the victim or their family if the victim does not comply with their demands. They may also claim to be in danger or arrested, and ask for more money or help.
  • Revealing the scam: The scammer may disappear with the money, block the victim’s contact, or admit the truth. Alternatively, the victim may discover the scam through their research, a friend’s intervention, or a law enforcement notification.

Our research shows over a quarter of scams are performed in this way.

Screenshot 2024-03-04 at 08.52.32

About the Fraud Kill Chain

With the right tools, anti-fraud teams should be able to pick up the tell-tale signs of these attacks. The Fraud Kill-chain is a useful tool to identify detection opportunities and gaps. It allows anti-fraud teams to map capabilities to attacks and helps control various frauds and scams.


Screenshot 2024-03-04 at 08.52.04

The difficulty with scam detection is the lack of “technical” TTPs. “Receiving flowers” isn’t something you can detect in on-line session data. There’s a clear gap in the “account access” stage. Since most of the manipulation is done by social engineering rather than technical manipulation, detecting anomalous behavior is key.

Screenshot 2024-03-04 at 08.51.20

Romance Fraud vs Fraud Kill Chain 

We can see a plethora of TTPs identifying various stages of attacks before, during, and after. This means there is a lot of opportunity for detection, but it requires sensors and processes in digital channels.  


Detection Gaps & Opportunities 

Gap 1: Customer Journey Visibility 

In many scam attempts, device use and the transaction will seem completely benign. To detect behavioral aspects, it’s key to have customer journey visibility: all interactions happening between login and transactions.

Gap 2: Web, Mobile & App Visibility 

Web and app adoption is increasing rapidly. This is why a detection stack should include customer journey visibility on any online channel: web, mobile, and app.

Gap 3: Behavioral Biometrics

Manipulation of behavior requires a different perspective. Behavioral Biometrics is the best technology available. It’s key to have multiple models:

  • The “attack” perspective, spotting manipulation, pressure, and hesitation.
  • The “individual use” perspective, detects when a customer’s interaction with the device is “different than normal”.

Conclusion & Takeaways 

As scammers are raking in billions, anti-fraud teams are to perform the following checks:

  1. Check your detection processes for Customer Journey visibility
  2. Check if you have visibility on your on-line channels
  3. Consider adding in-channel behavioral biometrics technology to integrate with your detection process.
  4. Stay up to date with the threat evolution with mobile threat intelligence

Detection Readiness Workshop 

ThreatFabric helps banks and financials globally perform these analyses. If you’re interested in a detection readiness workshop, use the link below for a free consultation.


Questions or demo?