It’s a Romance Scam, Baby

What is a romance scam?

A “romance scam” is a blend of “romance” and “scam,” referring to a type of fraud where someone approaches you via messenger or email, earns your trust, and then starts asking for money.

When it comes to legends in this field, you can’t not mention the infamous Kim Castro from Facebook days. But the truth is, she was just a victim of identity theft — not the actual scammer.

To give you a quick summary, they start off claiming to be a U.S. soldier or doctor working abroad. Then they go, “I’ll send you money, but first you have to cover the transfer fee~.” It’s the classic scam template, and yeah — I actually got one of those messages back when I was using Facebook. Of course, it wasn’t really her. It was some phishing group, obviously.

Then one day

I got a message from a stranger on my secondary phone’s LINE account.

She started with, “Aren’t you [name]?” — Normally I’d just block someone like that right away, but I was bored, so I decided to play along.

I told her nope, I’m not that person. She responded with, “Well then, maybe this is fate,” and went on to introduce herself — her age, where she lived, that she worked at a company. Surprisingly, she didn’t jump to the main point right away, so I just gave vague, half-hearted replies.

A few days passed, and since it was my sub phone and I already suspected it was a scam, I was only replying every few hours.

“I’m streaming right now, so my replies might be a bit slow~”

She randomly dropped that, saying she’d started doing livestreams as a side hustle after work. Totally unprompted, and totally unnecessary info. But part of me got curious — this was probably going to turn into a cam scam.

I pretended not to care: “Oh okay~ got it.” That seemed to trigger her. She broke and went, “There’s no one watching yet, so if you’re okay with it, could you tune in?”

So I asked her for the link.

She sent over a URL. I opened it in incognito mode with a VPN on. The first thing that popped up was This site does not support secure HTTPS connections.

That alone made me roll my eyes. I mean, SSL certificates are free nowadays. If you’re in your 30s or 40s and have even the most basic knowledge of computers, how could you not see this as sketchy?

Still, I pushed through and accessed the site, only to be greeted by…

…this absolutely tragic login screen.

Seriously, who’d fall for this? But funnily enough, the sign-up page only asked for a username and password — no personal info. So of course, I just made up a random username and password and signed up.

The main page was even worse. No responsive design — just stuck in mobile view. And the cluttered “withdrawal completed” list at the top? Definitely not something you’d find on a legit streaming site. It screamed “illegal gambling site.” I mean, think about it — why would a normal streaming platform even need a withdrawal section? And why would they proudly plaster “we process withdrawals fast and accurately” across the screen like it’s some kind of flex?

(Blurred out the faces because they’re probably stolen from real people.)

So I went to the page where they claimed to be streaming live, opened DevTools, and clicked around. Immediately got hit with a pop-up saying “You don’t have enough points to enter this room!”

At this point I started wondering — is there even a real stream behind these thumbnails? Checked the a tags in DevTools, and sure enough, all the hrefs were just “none.” The viewer count? Hardcoded. Clicking a thumbnail just triggered a JS alert with awkward spacing and a typo-ridden message.

So maybe it’s a scam to make people top-up first, then block them?

“Oh right! You’ll need points to watch the stream~ I’ll send you some of my leftover points via 1-on-1 chat, so use those~”

She said this — and I was like, wait. Then what’s the monetization model? If she’s sending me points, where’s the income coming from? Maybe it’s not just a scam — maybe it’s a cam trap?

She sent me a whopping 5k USD worth of completely worthless, hardcoded “points.” But obviously, even with that, I still couldn’t get into the stream, since there was no actual link. When I said it still wasn’t working, she told me to contact customer support.

Up to this point, the HTML was set to lang="en" and comments were in Korean. But the customer support chat window? That one had lang="zh", Chinese comments, and even the page title kept changing into weird Chinese characters. So yeah — either this was a Korean-Chinese joint scam op, or they just hired a Korean dev who sold their soul for some quick cash.

I don’t have the exact chat logs, but the gist was

“Aside from the points you already have, you need to purchase a tier package to access and view streams.”

So yeah. That fake 5k USD in points? Completely meaningless. And surprise — the only payment method was a 1K USD package via wire transfer.

Any legit company would at least support credit card payments. But this is phishing — of course they’re only accepting bank transfers through stolen accounts.

At this point, I’d seen enough. I messaged the support rep with a cheeky, “Alrightyy~ Thanks for your hard work~” and told “her” that I’m actually a developer.

Right after my little confession, “she” (or he, or it) blocked me and disappeared.

I went back to the site today just to grab a few more screenshots for this post — and yep, it’s still up. Which means they’re probably still out there, fishing for new victims as we speak.

I ran a dig lookup and turns out the phishing site is hosted on a server provided by Alibaba Cloud Computing — so yeah, either they hired a Korean dev with no conscience or some freelancer who decided money matters more than integrity. And if, by any chance, that dev sees this post?

You should be ashamed of yourself, you talentless, soulless piece of shit.

Conclusion

Scam tactics are getting more sophisticated every day. And honestly, if someone isn’t tech-savvy or is from an older generation, they could fall for this in a heartbeat.

Now, the site I saw was so low-quality that I doubt any younger person would be fooled by it — but these days, with AI-powered frontend tools, even a decent-looking phishing site isn’t hard to pull off. Throw in ChatGPT or DeepL for natural-sounding translations, and you’ve got a scam that feels local and real. If someone lonely enough stumbles on one of those sites… I wouldn’t be surprised if they’re wiring over a 1K USD right now.