Valentine’s Day is Becoming Prime Season for Romance Scams, Do This to Protect Yourself

According to complaints submitted to the FBI’s Internet crime complaint center (IC3), victims across the San Francisco Division’s territory have lost more than $40 million to romance scams. Bitdefender data shows between early January and early February 2026, 4 in 10 spam emails were tied to love scams. The U.S is the most targeted country, accounting for 55% of all detected Valentine’s themed spam. Germany follows at 13%,  Ireland at 8%, U.K at 6% and India at 5%.

As Valentine season floods social media with roses, proposals and heartfelt messages, cybercriminals are quietly weaving their own web. Romance themed notes, surprise gift offers and anonymous confessions are increasingly being used as tools for digital fraud, turning what should be a season of connection into a moment of vulnerability.

Cybersecurity experts say the surge in incidents is a reminder to verify before trusting, because in the online world not every Valentine message comes from the heart.

Kaspersky experts detected a fake website that mimics Amazon, one of the most famous marketplaces, offering a $200 gift card. With this tempting offer, scammers encourage customers to press a “Get your Amazon gift card” button.  However, when the user clicks it, they get an MSI installer with a backdoor that cybercriminals use to remotely control the victim’s device. 

“They’re creating fake gift card websites, spoofing popular retailers, and launching phishing campaigns that prey on your desire to make your loved ones happy,” Anton Yatsenko, Lead Web Content Analyst at Kaspersky told Impact Newswire. “The best defence is to stick to well-known retailers, check URLs carefully, apply a security solution with advanced phishing detection and remember that if a deal seems too good to be true, it probably is.”

Authorities have flagged a noticeable rise in suspicious messages circulating across platforms such as WhatsApp, Instagram and email. Phrases like “Secret Valentine,” “Accept Your Valentine,” “Someone Has A Crush On You,” and “Claim Your Special Gift” are widely shared, often accompanied by clickable links that appear playful but may conceal more dangerous intent.

While harmless at first glance, officials warn these links can redirect users to phishing websites or trigger the download of malicious software. Fraudsters often time such campaigns around popular celebrations, when emotional excitement can override caution.

“Cyber fraudsters are aware that such special days or celebrations or festive periods lower people’s guard. When emotions like excitement or curiosity take over, users are more likely to click without verifying,” an Indian official from a Telangana cybercrime police station said.

Once clicked, victims may land on fake web pages designed to mimic legitimate brands. In other cases, malware installs silently in the background. “Victims might also be prompted to enter personal details or banking information under the pretext of unlocking a gift or viewing a message,” the official added.

Another common tactic involves asking users to pay a small token amount, sometimes as little as Rs 1, to claim a digital gift card or Valentine surprise. Even minimal transactions can expose card details and lead to unauthorised withdrawals. If malicious software gains access to a device, it can collect saved passwords, OTPs, contact lists and banking credentials, creating pathways for identity misuse and financial loss.

Experts say emotional decision making and last minute planning during festive periods make people easier targets. Authorities across several markets are now warning of increasingly sophisticated love scams powered by artificial intelligence, with criminals generating realistic photos, videos and messages to build trust.

Victims are often manipulated over extended periods before being pressured into sending money, sharing sensitive data or participating in exploitative activities. Officials note that seasonal spikes tend to coincide with moments when people are more likely to seek companionship online.

Recent data from the Cybercrime Investigation and Coordinating Center in the Philippines recorded 123 formal complaints involving love scams in 2025, with cases typically peaking from January to February and again in mid year and October.

Law enforcement agencies say scammers frequently rely on recognizable personas. Some pose as the “sad boy” or “sad girl,” sharing dramatic personal stories to solicit financial help. Others act as “seducers,” gaining trust before requesting compromising photos for extortion. The “investor” proposes joint cryptocurrency ventures, while the “serviceman” claims to be deployed overseas. Additional profiles include escorts demanding advance payments and “slow burners” who patiently cultivate long distance relationships before asking for money.

Officials also warn that fake e-cards, gift links and love notes often contain malicious URLs or APK files, Android application packages used to install apps outside official stores. Once opened, these files can steal personal data, access SMS messages and banking OTPs, or even take control of devices.

Sandip Gadiya, a cybercrime investigation expert in India, describes two recent cases tied to Valentine themed fraud. “Victims receive messages from unknown numbers on WhatsApp or Telegram. As soon as they click on the link shared in the message, an APK file gets downloaded on the phone,” he says.

“Once the user opens that APK file, the fraudster gets access to the entire phone. This happened to both victims. The attacker gained access to the phone, then accessed all the OTPs on SMS and started using the victim’s WhatsApp account. From WhatsApp, the fraudster began sending the same Valentine’s Day messages to all of the victim’s contacts.”

In another case, the attacker attempted to access a victim’s phone and Google Pay account after a malicious download, underscoring how payment apps have become prime targets.

Beyond digital traps, experts caution against accepting unknown parcels or responding to calls requesting sensitive information. Fake QR codes and payment requests are also circulating, often from fraudsters posing as sellers or delivery agents for Valentine gifts.

Past incidents illustrate how varied the risks can be. In 2021, scammers distributed fake WhatsApp messages advertising special deals from the Taj Hotel, directing users to a fraudulent website built to harvest personal and financial data. Authorities later confirmed the offer was fake.

Privacy threats have also emerged offline. In several reported cases across India, hidden cameras were allegedly discovered inside hotel rooms, concealed in ceiling fans, bulb holders and everyday objects. In 2017, police in Gwalior arrested two men accused of installing hidden cameras to secretly film couples, later using the footage for blackmail.

An analysis by cybersecurity firm Bitdefender of Valentine’s themed email traffic between early January and early February 2026 found that nearly four in 10 spam emails tied to the holiday were scams. The campaigns exploited seasonal expectations through dating lures, fake gift offers, misleading surveys and pharmaceutical promotions.

Promotional emails still made up the bulk of Valentine’s traffic, but Bitdefender said a significant share blurred the line between legitimate marketing and outright fraud.

Telemetry gathered by Bitdefender spam analyst Viorel Zavoiu shows that the United States was the most targeted destination, accounting for about 55% of all detected Valentine’s themed spam. Germany followed at 13%, with Ireland at 8%, the United Kingdom at 6% and India at 5%. Other frequently targeted countries included Japan, South Africa, Poland, Italy, Australia, France and Canada.

The concentration on English speaking and European audiences suggests attackers are tailoring campaigns to regions where Valentine’s promotions are widely anticipated, allowing scam messages to blend more easily into legitimate seasonal communications, the report said.

On the infrastructure side, the United States also ranked as the largest source of Valentine’s related spam, responsible for more than 43% of detected messages. Brazil, Hong Kong, China, Italy, South Africa, Poland, India, France and Hungary followed, underscoring the distributed and global nature of seasonal spam operations, according to Bitdefender.

The FBI San Francisco Division has alerted the public to the continued rise of online romance scams targeting people using dating apps, social media, and other online platforms, where criminals build trust and then exploit victims for money or sensitive personal information.

According to complaints submitted to the FBI’s Internet crime complaint center (IC3), victims across the San Francisco Division’s territory lost more than $40 million to romance scams in 2025, a significant increase to the reported nearly $22 million in 2024. Scam reports were received from 14 out of the 15 counties within the division’s Northern California territory last year.

Cyber safety officials say awareness remains the strongest defense. Avoid clicking unfamiliar links, enable two factor authentication, keep devices updated and regularly monitor financial transactions. Legitimate organisations rarely ask for sensitive information through unsolicited messages.

The modern Valentine’s season is increasingly digital, shaped by online shopping, social media interaction and app based relationships. That convenience has expanded the attack surface for cybercriminals, who see opportunity wherever emotions run high.

Love may still be in the air, but cybersecurity experts say caution should be too. In a season built on trust, the safest gesture might simply be to pause before you click.

Get the latest news and insights that are shaping the world. Subscribe to Impact Newswire to stay informed and be part of the global conversation.

Got a story to share? Pitch it to us at info@impactnews-wire.com and reach the right audience worldwide