By Tony DeGonia
Senior Cybersecurity Engineer | Human Threat Analyst
Introduction
Romance scams are one of the most manipulative forms of social engineering, preying not just on vulnerabilities in technology—but in people. I’m a cybersecurity engineer, but more importantly, I’m human. And this past week, I found myself at the center of one of these emotional attacks.
The good news? I caught it. I shut it down. And I turned it into a teachable moment.
This article is about how I detected a scammer in real time using reverse image search, behavioral analysis, language profiling, and pattern recognition—and how you can do the same.
The Setup
She was beautiful. Light-skinned—maybe Black, maybe Latina. Claimed to be a programmer and hardware engineer. Said all the right things. Smiled at me like she already knew me. For a minute, it felt good. Real. But I’ve been in this game too long to fall for surface-level comfort.
Things got weird when I told her I worked in cybersecurity. She asked if I was “good with computers,” and I joked, “I’m more dangerous than good.” The shift in her energy was immediate. I started talking about how I evaluate people based on their language, syntax, and rhythm—and suddenly, silence.
She disappeared.
The Investigation
That silence was enough to spark my curiosity. Here’s what I did next:
1. Reverse Image Search
I took the profile photo and ran it through Google and TinEye. Within minutes, I found the same face on Instagram: a young woman named Hannah051. Same pictures. Different story.
2. Reverse Phone Lookup
The number didn’t show up on WhatsApp. That’s unusual—especially if someone claims to be from Latin America or a tech-savvy region. No WhatsApp presence = red flag. I ran it through a lookup tool. It was a hijacked number.
3. Messaging Platform Analysis
No presence on WhatsApp. Possibly Telegram or Signal—but not registered publicly. That’s common for scam networks that use burner VoIP lines to hide behind untraceable accounts.
4. Language Profiling
When someone says they’re a native speaker, I watch their grammar. The cadence. The way they type. Most non-native speakers leave out articles or use a sentence structure that mirrors their first language. The gaps were all there.
Conclusion: It wasn’t a she. It was a he—likely operating from Central or South America, using a fake profile, stolen images, and a hijacked number to bait emotionally available targets.
The Scam Playbook: What to Watch For
1. Stolen Photos from Social Media
Always reverse-search profile pics.
2. “Too Perfect” Profiles
If they’re attractive, emotionally available, and deeply interested in you immediately—hit pause.
3. Claims to Be in Tech, But Offers No Substance
Ask real questions. If they can’t talk tech, they’re faking.
4. Strange Platform Choices
If they avoid WhatsApp, FaceTime, or live calls—and suggest Google Chat, Telegram, or Signal—it’s often a sign they’re hiding.
5. Emotional Escalation Before Trust Is Built
Scammers don’t date—they fast-track you into emotional dependency.
6. Ghosting When You Get Smart
If they vanish the moment you press into details? That’s your confirmation.
Final Thoughts
We all want connection. That doesn’t make us weak. But we have to balance hope with discernment. If you feel something is off—investigate. Use your tools. Use your gut. And never be afraid to walk away when something doesn’t add up.
I may not have gotten the relationship—but I kept my dignity, my data, and my peace.
And if this helps even one person avoid falling for a similar trap, it was worth it.
Need help verifying a suspicious profile? Want to learn how to read digital intent like a cybersecurity analyst?
Reach out at tonydegonia.com or connect with me on LinkedIn.
Stay sharp. Stay human.