How Scammers Use ChatGPT to Scale Romance Scams

In November 2025, a Mumbai-based fintech analyst I'll call Sahil reported a romance scam to the local cybercrime cell. What made the case unusual wasn't the loss — INR 14 lakh, which is sadly not unusual anymore — but the script. When investigators reviewed Sahil's chat logs from the eight weeks of conversation, they noticed the cadence of the replies, the use of consistent endearments, the way the "girlfriend" remembered minute details from messages sent three weeks prior. The replies arrived too fast for a human typing on a phone.

The forensic team eventually traced the scam to a single operator running 47 simultaneous "relationships" through a custom interface that piped messages into ChatGPT, then back to the victims. The operator's job wasn't to flirt. It was to feed prompts and copy-paste replies. The actual romance was being generated by a language model.

This is what romance scams look like in 2026. The economics have changed. The scale has changed. The detection problem has changed too. This is a practical guide to how it works and how to protect yourself.

The Pre-AI Romance Scam

To understand what's new, you need to understand what came before. The classic romance scam pre-2023 was a one-to-one operation. A scammer — often based in West Africa, Southeast Asia, or, increasingly, the Indo-Myanmar border zones — would build a fake profile, target a single mark, and run a 6 to 12 week emotional manipulation campaign. The investment was high: hours per day per victim, cultural fluency, emotional labour. The payout, when it worked, was high too.

The bottleneck was time. A single scammer could maintain perhaps 5 to 8 active romances at once before quality degraded. NCRB data from 2022 logged about 4,800 reported "online dating fraud" cases in India. The actual number was certainly higher (under-reporting is constant in this category), but the order of magnitude was knowable.

In 2024 and 2025, that order of magnitude changed. NCRB reported 18,200 dating-related fraud cases in 2024, a 280% jump over 2022. The Indian Cybercrime Coordination Centre (I4C) attributed roughly 40% of the increase to "automation-assisted social engineering" — a category that didn't exist as a tracked metric before 2023.

The bottleneck broke. ChatGPT is the reason.

What an AI Romance Scam Actually Looks Like

Here is the operational structure of a modern AI-assisted romance scam, based on case studies from the I4C and three private investigations I worked on in 2025.

1. The infrastructure. A single operator runs a simple desktop application — often built in Python in under 200 lines — that connects to a ChatGPT API account. The application maintains a separate "memory" file for each victim. Each file contains the persona's backstory, a list of facts shared by the victim, and the running conversation context.

2. The personas. Each scam uses a stock persona built from stolen photos (usually scraped from Instagram accounts of real women in Russia, Ukraine, or the Philippines), a fake name, a backstory, and a set of "personality traits" that ChatGPT is instructed to maintain. The system prompt looks something like: "You are Anya, a 28-year-old physiotherapist in Kyiv. You are warm, slightly shy, and emotionally available. You want a serious relationship. You ask questions about the user's life and remember the answers."

3. The conversation loop. When a message arrives from a victim, the operator pastes it into the application. The application sends the message plus the running context to ChatGPT, which generates a reply. The operator pastes the reply back. Total time per message: under 30 seconds.

4. The escalation trigger. After a fixed number of conversation days (typically 21 to 35), the script begins introducing a financial crisis. The crisis is generated dynamically by ChatGPT based on facts the victim has shared. If the victim mentioned a parent's illness, the crisis will involve a parent. If they mentioned travel, it'll involve a stranded passport.

5. The cash-out. UPI is the preferred channel. The operator provides a UPI ID (usually one of several mule accounts) and waits. If the victim hesitates, ChatGPT generates emotional escalation prompts. If the victim sends money, the relationship cools off and ends within 14 days.

The whole pipeline can be operated by one person managing 30 to 50 victims simultaneously. The marginal cost per scam is roughly INR 80 in API fees. The expected return per victim, when it works, is between INR 1 lakh and INR 30 lakh.

Why ChatGPT-Based Scams Are Harder to Detect

The traditional advice for spotting romance scams — bad grammar, generic compliments, inconsistent backstories — was built for an era when scammers were typing replies in their second or third language. ChatGPT eliminates that signal. Here's what's harder now and what still works.

What ChatGPT eliminates as a tell:

• Grammar mistakes
• Awkward phrasing
• Inconsistent vocabulary level
• Forgetting facts the victim shared earlier
• Off-tone responses to emotional moments

What still works as a tell, even with ChatGPT:

• Reluctance or refusal to do a real-time video call
• Consistent unavailability at specific times (suggests timezone mismatch with claimed location)
• Sudden financial requests, no matter how well framed
• Photos that reverse-image search to other accounts
• Claims of professions that conveniently prevent meeting (oil rig worker, military deployment, doctor on a remote mission)

A 2024 IIT Bombay study analysed 1,200 confirmed romance scam transcripts from 2024. The researchers identified four features that distinguished AI-assisted scams from human scams with 89% accuracy: response latency under 12 seconds, vocabulary diversity above the human baseline, perfect long-term memory recall, and emotional escalation patterns matching common ChatGPT prompt templates.

"The AI doesn't make scams smarter. It just makes them faster, cheaper, and harder to spot at the surface level. The underlying manipulation hasn't changed." — Jen Caltrider, lead researcher, Mozilla Privacy Not Included

AI-powered scams are harder to spot than ever — but exposing less upfront makes you a smaller target:

The India-Specific Pattern

In India, AI romance scams have converged on a specific structure that exploits local context:

• The persona is usually a foreign national — typically claiming to be a Russian, Ukrainian, or Eastern European woman, or in the male variant, a UK-based military officer or US-based engineer.
• The "relationship" is conducted on WhatsApp or Telegram after a quick handoff from the dating app. The handoff is the critical step — once off the dating platform, there's no fraud-detection layer.
• The financial ask involves UPI or international wire transfers. UPI is preferred for its speed. The mule accounts are typically based in border states.
• The cover story for the request is medical, customs-related, or visa-related. A 2025 I4C analysis found that 64% of romance scam payments in India were framed as either "stuck at customs," "medical emergency for a parent," or "needed for visa processing."

NCRB data from 2024 showed that the average loss in a reported India romance scam was INR 4.3 lakh. The median was lower — INR 1.2 lakh — but the long tail of high-value losses pulled the average up. The largest single reported loss in 2024 was INR 1.7 crore from a Bengaluru-based victim.

How to Protect Yourself

Here's the practical checklist. Use it.

1. Insist on a video call within the first 7 days of contact. A real video call. Not a recorded clip. If the person refuses, deflects, or disconnects within 30 seconds citing "bad connection," the probability of a scam is over 90%. ChatGPT can write a perfect message but it cannot put a real face on a video call.

2. Reverse-image-search every photo before you trust the profile. Use Google Lens, TinEye, and PimEyes. If the same photo appears on other social media accounts under different names, it's stolen.

3. Treat any financial request as a hard stop. No legitimate romantic interest will ask you for money in the first three months of conversation. Not for a flight, not for customs, not for a medical bill. A request for money is the scam revealing itself. End the conversation.

4. Test for the AI tells. Ask a question that requires the model to reference something specific and time-bound — "What did you eat for lunch today?" with a follow-up "What was the most expensive thing on the menu?" — and see if the answers stay coherent across days. ChatGPT will produce plausible-sounding answers but they often shift between sessions.

5. Use a privacy-first dating platform that limits the data scammers can extract. Platforms like Hidnn are designed to keep your identity private during the early stages of conversation, which means a scammer who tries to social-engineer you can't pull biographical details from your profile to feed back at you. The information asymmetry that scammers rely on works in your favour.

6. Report to I4C. If you suspect you've been targeted, even if you haven't lost money, report it at cybercrime.gov.in. The I4C tracks scam patterns and your report contributes to cross-victim investigations.

FAQ

Q: Can dating apps detect ChatGPT-generated messages? A: Some are trying. Detection is difficult because ChatGPT outputs vary widely depending on the prompt. As of 2026, no major dating app reliably detects AI-generated chat content at scale.

Q: What's the most common AI romance scam pattern in India in 2026? A: A foreign-national persona on a dating app moves the conversation to WhatsApp, builds rapport for 3 to 5 weeks, then introduces a customs or medical emergency requiring INR 1 to 5 lakh paid via UPI.

Q: Are men or women more likely to be targeted? A: Both. Men are targeted more often (roughly 60% of reported India cases) but women, when targeted, lose larger average amounts. Male personas are usually framed as foreign professionals; female personas as foreign romantics.

Q: Should I pay if I think I might be scammed but I'm not sure? A: No. If you have any doubt, the answer is no. Ask the person to do a live video call with a specific phrase you choose. If they can't or won't, it's a scam.

Q: Can a privacy-focused dating app like Hidnn prevent these scams? A: It can't prevent them entirely — no platform can. But by limiting what's exposed about you upfront, it reduces the social engineering surface area scammers depend on. Combined with the practical defences above, the risk drops sharply.

Your Action Items

1. Reverse-image-search the photos of every new dating app contact within 24 hours.
2. Schedule a live video call within 7 days of starting a conversation. No exceptions.
3. Set a rule for yourself: any money request, in any frame, ends the conversation.
4. Bookmark cybercrime.gov.in and use it the moment you suspect something.
5. Choose dating platforms that reduce the data attackers can use against you.

Romance scams used to be a slow, labour-intensive crime. They are now an industrial operation running on the same tools you use to write your office emails. The defences that worked five years ago are not enough. The defences in this guide are.