Full Report
New City of London Police data reveals British men and women lost over £100m to romance fraudsters in 2024
Analysis Summary
# Incident Report: UK Romance and Pig Butchering Fraud Losses 2024
## Executive Summary
This report summarizes the financial impact of romance fraud in the UK during the 2024/25 financial year, totaling £106 million ($144 million) in reported losses across 9,449 incidents. The trend showed a 9% annual increase, with scams often evolving into long-term "pig butchering" cryptocurrency schemes, primarily perpetrated by trafficking victims in Southeast Asia.
## Incident Details
- Discovery Date: Information released in June 2025, referencing 2024/25 financial year data.
- Incident Date: Primarily covers the UK financial year 2024/25.
- Affected Organization: UK Public (Victims of Romance Fraud).
- Sector: Consumer/Financial Services, Social Networking.
- Geography: United Kingdom (Source of losses).
## Timeline of Events
### Initial Access
- Date/Time: Ongoing throughout the 2024/25 financial year.
- Vector: Exploitation of social connections and emotional vulnerability, often leveraging online dating or social platforms.
- Details: Victims were manipulated into financial investment schemes, particularly cryptocurrency scams often termed "pig butchering."
### Lateral Movement
* **Not applicable in a traditional network sense.** The progression involved escalating emotional and financial manipulation:
* Luring victims into long-term relationships (for some female victims, lasting a year or more).
* Transitioning the relationship into an investment opportunity (pig butchering).
### Data Exfiltration/Impact
- Data Exfiltration: Not the primary focus; data exfiltration relates to sharing personal financial details or access credentials for investment platforms.
- Impact: Financial loss totaling £106 million; average victim loss of £11,222.
### Detection & Response
- Detection: Identified through mandatory reporting mechanisms to the City of London Police's National Fraud Intelligence Bureau (NFIB).
- Response Actions: The City of London Police launched a new awareness-raising campaign following the release of the data.
## Attack Methodology
* **Initial Access:** Social engineering, building false trust and emotional bonds (Romance Scam).
* **Persistence:** Maintaining the fabricated relationship over extended periods (up to or exceeding one year for some victims).
* **Privilege Escalation:** Not applicable in traditional terms; escalation refers to increasing the requested monetary investment.
* **Defense Evasion:** Relies on the emotional state of the victim clouding judgment; often targets victims of human trafficking operating the compounds themselves.
* **Credential Access:** Access gained to online banking or cryptocurrency exchange platforms based on manipulated trust.
* **Discovery:** Reconnaissance involved researching victim profiles and vulnerabilities.
* **Lateral Movement:** Progression from simple requests to complex investment fraud structures.
* **Collection:** Gathering information about the victim's assets and investment capacity.
* **Exfiltration:** Transferring victim funds (money) into fraudulent accounts/schemes.
* **Impact:** Significant direct financial loss (£106M total).
## Impact Assessment
- Financial: £106 million lost in 2024/25; average loss of £11,222 per victim. Global crypto scam losses related to romance baiting surged 40% annually in 2024.
- Data Breach: Primarily sensitive personal and financial information shared willingly under duress of the relationship scam.
- Operational: No organizational operational impact reported, as these are direct consumer fraud incidents.
- Reputational: Potential reputational shadow cast over social media platforms facilitating these interactions.
## Indicators of Compromise
* **Network indicators:** (None specified; reliance is on social engineering/off-platform communication channels).
* **File indicators:** (None specified).
* **Behavioral indicators:** Unusual requests for cryptocurrency transfers; sudden high-value financial transfers to unknown third parties, often following a lengthy online courtship.
## Response Actions
* **Containment measures:** N/A (Immediate identification of the crime occurs post-transfer).
* **Eradication steps:** Ceasing communication with the suspected fraudster(s).
* **Recovery actions:** Reports filed with the NFIB; efforts to trace funds (though often difficult, especially with crypto).
## Lessons Learned
- **Vulnerability Exploitation:** Scammers successfully exploit emotional vulnerability (loneliness, desire for connection) over long time horizons, significantly increasing average loss amounts compared to short-term scams.
- **Geopolitical Nexus:** A significant portion of these complex scams originate from organized groups operating out of trafficking compounds in Southeast Asia.
- **Crypto Component:** The "pig butchering" method is highly effective, linking romance fraud directly with sophisticated cryptocurrency investment fraud.
## Recommendations
- **Enhanced Public Awareness:** Increase public messaging specifically covering long-term romance scams evolving into investment fraud ("pig butchering").
- **Financial Monitoring:** Banks and payment processors should increase scrutiny on transfers initiated following long, emotionally intense online communications, especially those involving cryptocurrency platforms.
- **Platform Liability:** Social media and dating platforms must improve reporting mechanisms and rapid response capabilities for persistent fraudulent profiles.