Notifications
Clear all
Topic starter
12/06/2026 9:56 pm
TL;DR: Romance and investment scams caused over $10 billion in reported U.S. losses in 2023, with 64,000 romance scam reports and 108,000 investment scam events, according to the FTC’s Sentinel report cited in the article. The operational lesson is that trust-building attacks now scale through GenAI, cross-platform messaging, and payment rails faster than traditional fraud controls can keep up.
NHIMG editorial — based on content published by Arkose Labs: what a coordinated response to romance and investment scams should look like
By the numbers:
- Over $10 billion in fraud and scam losses occurred in 2023.
Questions worth separating out
Q: How should organisations stop romance and investment scams before money moves?
A: Focus on the earliest controllable trust points.
Q: Why do GenAI-powered scams make traditional fraud controls less effective?
A: Because the attack now adapts in real time.
Q: What do security teams get wrong about scam prevention?
A: They often treat scams as a single-platform content problem.
Practitioner guidance
- Instrument early-channel abuse detection Monitor SMS, social, and dating entry points for repeated trust-building patterns, suspicious account creation, and rapid migration to private messaging apps.
- Add friction to high-risk money movement Use step-up review, transaction holds, and callback verification when a customer requests unusual transfers, withdrawals, or account changes.
- Build shared scam intelligence across platforms Create common indicators for fraudulent handles, mule accounts, suspicious URLs, and repeated contact sequences so telco, messaging, and financial services teams can act on the same abuse pattern.
What's in the full article
Arkose Labs' full article covers the operational detail this post intentionally leaves for the source:
- Channel-by-channel control ideas for telco, dating, social, and messaging environments
- Regulatory examples from Australia, the UK, and Europe that shape anti-scam obligations
- Practical patterns for bank teller intervention and transaction-level detection
- Examples of platform anti-bot and account-verification controls for fraud suppression
👉 Read Arkose Labs' analysis of romance and investment scam controls →
Romance and investment scams with GenAI: what controls fail first?
Explore further
13/06/2026 12:22 am
Trust-based fraud is now an identity problem, not only a fraud problem. Romance and investment scams succeed because the attacker can manufacture legitimacy long enough to pass as a trusted counterpart. That puts identity assurance, account provenance, and behavioural verification at the centre of fraud defence. When legitimacy is the product being counterfeited, security teams need to treat identity signals as the first fraud control, not a back-end support function.
A few things that frame the scale:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
- Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks.
A question worth separating out:
Q: Who should be accountable when a scam survives platform controls and reaches a bank transfer?
A: Accountability should be shared across the platform, the payments provider, and the operational team that approved the transfer. No single control failure explains the loss. If an organisation can identify fraudulent behaviour early but cannot coordinate action across channels, the scam will still reach settlement. Governance must match the whole attack path.
👉 Read our full editorial: AI-enabled romance scams expose the limits of trust controls
