Full Report
What HappenedOn 5 May 2026, new data revealed that British romance scam victims were defrauded of a staggering £102 million last year, representing a 29% surge in reported cases.The figures come from information gathered by Report Fraud (f.k.a ActionFraud), which is a City of London Police-run service that logged 10,784 romance scam reports in 2025.According to the data, cybercriminals are reportedly pocketing roughly £280,000 everyday by exploiting online relationships, with individual losses averaging £9,500 and in extreme cases, reaching up to £1 million per victim. This wave of scam victims is part of the growing trend where scammers blend emotional manipulation with fake cryptocurrency investment schemes, heavily weaponising AI-generated profiles, and focusing on lonely victims aged 55 to 74.Analyst Comment When analysing fraud statistics, it is important to remember that underreporting is very common, with many victims staying silent out of shame. Therefore, this is likely only a fraction of the real figures and the problem is likely much worse than we know. The data we do have, however, still reveals there is essentially an army of digital scammers routinely bleeding UK citizens dry, using not much more than a Midjourney AI subscription, a ChatGPT script, face-swapping services, and an entirely fictitious character with an emotional backstory.Losing £102 million in a single year to fake internet characters is a truly wild national milestone. The fact that reports surged by nearly a third (29%) proves that in our society, emotional vulnerability is being monetised at industrial scale. We aren’t just looking at a clumsy email from a Nigerian prince anymore. This is industrial-grade social engineering. Scammers are playing the long game, spending months "love-bombing" victims before dropping the inevitable bombshell that they need a quick bank transfer to cover a “medical emergency” or an unmissable cryptocurrency investment opportunity.In March 2026, the UK Government took some action against this threat and sanctioned Xinbi, a Chinese-language cryptocurrency marketplace accused of enabling large-scale online fraud and human exploitation. Xinbi reportedly processed more than $19.9 billion in transactions between 2021 and 2025, highlighting how much money the scam industry is generating globally.Until we treat the underground scam economy with the same significance we treat ransomware or nation state attacks, the UK will continue to be one of the world's most lucrative money spinners for heartless cybercriminals.Defensive Takeaways— Enforce the "Face-to-Face" Financial Boundary: If you are advising family members (especially those in vulnerable demographics), establish an unshakeable, non-negotiable rule: if you have not looked a person in their physical eyeballs, you do not send them money, gift cards, or cryptocurrency.— Teach Others Digital Sanity Checks: Teach your friends and family the art of basic digital literacy. Run profile images through reverse-image search tools (Google Lens or TinEye) and consciously flag the platform migration trap. Scammers desperately want to move targets off monitored apps like Tinder or Bumble and onto unmoderated WhatsApp or Telegram channels as fast as possible to avoid automated dating app ban filters.— Learn From the Mistakes of Others: To find examples of victims falling for these scams, the UK Financial Ombudsman Service’s database of decisions can act as a useful resource. The decision details can help you understand how these scams work, how much money individuals can lose, and the rate at which UK banks offer refunds or compensation. More examples can be found in my talk on this topic here.— Leverage Stripe’s FT3 Framework: If your organisation or team is tasked with combating fraud, then categorising these scammers TTPs is crucial. That’s why Stripe has developed the Fraud Tools, Tactics, and Techniques (FT3) framework. It’s designed to help security teams understand the landscape, spot gaps, develop detections, improve incident response, and foster collaboration.Relevant Sourceshttps://www.cityoflondon.police.uk/news/city-of-london/news/2026/may/romance-fraud-costs-uk-victims-102-million-in-a-year-as-reports-surge-by-nearly-a-thirdhttps://www.theregister.com/security/2026/05/05/romance-fraudsters-fleeced-uk-victims-of-102m-in-2025/5227963https://therecord.media/xinbi-crypto-marketplace-sanctionedhttps://www.financial-ombudsman.org.uk/decisions-case-studies/ombudsman-decisions/search?Keyword=cryptocurrency+investment&Sort=dateRelevant CTI Resourceshttps://search-uk-sanctions-list.service.gov.uk/designations/GHR0190/Entityhttps://www.chainalysis.com/blog/xinbi-designation-chinese-language-crypto-scam-infrastructure/https://www.trmlabs.com/resources/intel-library/xinbi-guaranteehttps://www.justice.gov/usao-edny/pr/chairman-prince-group-indicted-operating-cambodian-forced-labor-scam-compounds-engagedhttps://www.rusi.org/explore-our-research/publications/commentary/multi-billion-dollar-guarantee-marketplaces-exploit-stablecoins-scamshttps://github.com/stripe/ft3
Analysis Summary
# Incident Report: Surge in Industrial-Scale Romance and Crypto Fraud (2025-2026)
## Executive Summary
In 2025, UK citizens were defrauded of £102 million through highly sophisticated romance scams involving emotional manipulation and fake cryptocurrency investments. These attacks utilized AI-generated content (deepfakes and LLMs) to target vulnerable demographics, specifically those aged 55–74. The incident represents an "industrial-scale" surge in social engineering, leading to significant financial loss and the eventual sanctioning of supporting crypto infrastructure.
## Incident Details
- **Discovery Date:** 5 May 2026 (Report Fraud/Action Fraud data release)
- **Incident Date:** Full Year 2025 (Primary activity period)
- **Affected Organization:** 10,784 individual UK victims
- **Sector:** Private Citizens / Finance / Cryptocurrency
- **Geography:** United Kingdom (Victims); Global (Threat Actors)
## Timeline of Events
### Initial Access
- **Date/Time:** Ongoing throughout 2025
- **Vector:** Targeted Social Engineering via Dating Apps (e.g., Tinder, Bumble)
- **Details:** Scammers created highly convincing, fictitious personas using AI tools to establish emotional rapport with victims.
### Lateral Movement
- **Platform Migration:** Scammers aggressively moved victims from monitored dating platforms to unmoderated communication channels like WhatsApp or Telegram to bypass automated fraud filters.
### Data Exfiltration/Impact
- **Financial Depletion:** Victims were induced to transfer funds under the guise of "medical emergencies" or fraudulent cryptocurrency investment opportunities.
- **Aggregated Loss:** £102 million total lost in 2025; average loss of £9,500 per person.
### Detection & Response
- **May 2026:** City of London Police (Report Fraud) localized the scale of the threat via annual reporting data.
- **March 2026:** The UK Government issued sanctions against **Xinbi**, a cryptocurrency marketplace used to facilitate these fraudulent transactions and human exploitation.
## Attack Methodology
- **Initial Access:** Industrial-grade social engineering and "love-bombing."
- **Persistence:** Long-term emotional manipulation lasting months.
- **Defense Evasion:** Use of face-swapping AI and platform migration to unmonitored apps.
- **Credential Access:** Not applicable (Focus on authorized push payment fraud).
- **Discovery:** AI-driven scraping and targeting of lonely individuals aged 55-74.
- **Collection:** Gathering of victim personal/financial information through "getting to know you" phases.
- **Exfiltration:** Direct bank transfers, gift cards, and cryptocurrency transfers.
- **Impact:** Financial ruin, with extreme cases reaching £1 million per victim.
## Impact Assessment
- **Financial:** £102 million total UK loss in 2025; ~£280,000 lost daily.
- **Data Breach:** Compromise of personal identifying information (PII) during the "grooming" phase.
- **Operational:** Industrialization of fraud through AI (Midjourney, ChatGPT).
- **Reputational:** High levels of victim underreporting due to social stigma and shame.
## Indicators of Compromise
- **Behavioral Indicators:**
- Rapid request to move conversation off the original dating app.
- Refusal to meet face-to-face or participate in video calls without "glitches."
- Introduction of "unmissable" investment opportunities shortly after establishing rapport.
- Repeated requests for emergency financial assistance via non-reversible methods (Crypto/Gift cards).
## Response Actions
- **Sanctions:** UK Government sanctioned the Xinbi crypto exchange.
- **Intelligence Sharing:** Data gathered and published by City of London Police to warn the public.
- **Educational Outreach:** Dissemination of digital literacy tools and "sanity check" procedures.
## Lessons Learned
- **Vulnerability:** Emotional vulnerability is being monetized at an industrial scale, moving beyond simple phishing to complex, long-term psychological operations.
- **AI Weaponization:** AI tools (LLMs and Image Generators) have significantly lowered the barrier to entry for high-quality, convincing fraud.
- **Reporting Gaps:** Real figures are likely much higher than £102m due to significant underreporting by victims.
## Recommendations
- **Establish Financial Boundaries:** Implement a "Face-to-Face" rule; never send money to individuals not met in person.
- **Technical Verification:** Use reverse-image searches (Google Lens/TinEye) on profile pictures.
- **Framework Adoption:** Security teams should utilize **Stripe’s FT3 (Fraud Tools, Tactics, and Techniques)** framework to categorize and detect these TTPs.
- **Platform Vigilance:** Be wary of any contact that attempts to rush users onto encrypted messaging apps like WhatsApp or Telegram.
---
**Relevant Sources (Defanged):**
- hxxps://www[.]cityoflondon[.]police[.]uk/news/city-of-london/news/2026/may/romance-fraud-costs-uk-victims-102-million-in-a-year-as-reports-surge-by-nearly-a-third
- hxxps://search-uk-sanctions-list[.]service[.]gov[.]uk/designations/GHR0190/Entity
- hxxps://github[.]com/stripe/ft3