Get complimentary access to the Gartner report, Emerging Tech: Top Use Cases in Preemptive Cyber Defense

The low but existing use of “financial/crypto” keywords suggests the campaign may be integrating deeper into the pig butchering model, where actors transition victims from a romantic relationship to a fraudulent cryptocurrency or investment platform. The next evolution may include more complex, short-lived domain names designed to impersonate specific financial platforms.

Some of the scam domains in this data set rely heavily on AI-driven matchmaking narratives to add a layer of intelligence to the platform. Some users may tend to rely on such platforms more than others, due to existing awareness of other AI platforms and their perceived convenience. This reflects a growing trend in which AI branding is used to scale romance-related domains with scripted interactions and potential automation of manipulation or data-collection workflows.

The example below leans heavily on a Valentine’s theme while subtly pushing a political agenda to make the campaign feel approachable rather than political. By presenting voting as a form of personal connection and ensuring the domain ranks higher as users strategically search for the “Valentine” keyword, it lowers skepticism and shifts engagement from policy to emotion while also driving traffic. This reflects a soft influence tactic, where familiarity and relatability are used to guide voter behavior instead of overt persuasion or technical abuse.

The sample domain below blends romance-coded language (“love”) with crypto wallet actions to compel a high-risk transaction while keeping it aligned with the intended theme. Certain patterns regarding such domains align with romance-to-crypto fraud workflows, where emotional framing is used to lead victims into Web3 exploitation rather than immediate theft. Otherwise, in this case, the user is asked to connect the wallet, while subtly leading the user into making a transaction.

Certain domains present themselves as third-party support services for dating apps, positioning profile “optimization” as an external enhancement rather than an official feature. By promising better matches through minimal effort and implied AI-driven insight, it targets singles actively seeking connection, a demographic already primed for emotional investment and quick decisions, often leading to financial losses.

The same cluster of malicious domains that hosted Valentine’s message bait using the above-mentioned string pattern hosted other random themes such as gaming, which is irrelevant to romance scams. This can possibly be a detection evasion technique, or planned event to attract singles. This model is profitable because it is low-cost, automated, and reusable across a range of seasons and events, enabling mass victim targeting, easy takedown recovery, and traffic funneling to secondary scams (romance fraud, crypto, malware, ads).