Introduction
In 2025, the Finnish police alone recorded 10,272 cases of online fraud, with estimated financial losses of approximately €88 million. Most of these were phishing offences, with 6,526 reported cases, and phishing also generated the highest criminal gains, exceeding €38 million. The third largest category was romance and document fraud, with 1,406 reported cases and criminal gains of more than €13.6 million. Considering that Finland is a nation with only 5.65 million habitants, you can multiply these millions repeatedly to grasp the importance of the matter globally.
The aim of romance fraud scammers is not only to steal money from victims, but also to exploit trust and intimacy in ways that can lead to further extortion and wider harm, including risks to employers’ financial, intellectual, and other valuable assets.
The Stockholm Criminology Symposium is an annual international conference held in Stockholm, bringing together criminologists, policymakers, practitioners, and other experts to discuss evidence-based responses to crime in both physical and digital environments.
This year, together with my research colleagues Riikka Kanervo and Maria Normann, I contributed to our workshop, “Have we underestimated the power of love? What we need to learn and unlearn as researchers and practitioners when it comes to online romance scams?”, which examined love fraud, or romance scams, from the perspective of victims and those close to them.
We cannot dismiss the dangers of romance scams with a shrug, given that organised criminal groups are increasingly involved in large-scale online romance fraud operations. Evidence from INTERPOL and the United Nations Office on Drugs and Crime shows that scam centres and related criminal infrastructures have expanded across South-East Asia and beyond, with romance scams forming part of a wider ecosystem of cyber-enabled fraud.
Practical prevention must begin - also in working environments
For companies, the key lesson is that romance scams and related social-engineering fraud should not be treated only as a private matter affecting individual employees, but as an organisational risk that can expose money, credentials, confidential information, and internal processes. Prevention therefore requires more than cyber security tools alone.
Your staff needs education on emotional manipulation, trust-based deception, and the ways in which personal victimisation can create wider risks at work. Organisations should also build a culture in which concerns can be reported early without stigma, while supporting this with strong technical controls such as multi-factor authentication, access management, monitoring, payment verification procedures, and data protection solutions.
Only by combining awareness, support, and layered security can employers reduce the broader harms linked to romance scams and related fraud.
