[This is a Guest Diary by Fares Azhari, an ISC intern as part of the SANS.edu BACS program]

Romance scams are a form of social-engineering fraud that causes both financial and emotional harm. They vary in technique and platform, but most follow the same high-level roadmap: initial contact, relationship building, financial exploitation. In this blog post I focus on the initial stages of the romance scam ? how scammers make contact, build rapport, and prime victims for later financial requests.

I was contacted by two separate romance scammers on WhatsApp. I acted like a victim falling for their scam and spent around two weeks texting each one. This allowed me to observe the first few phases, which we discuss below. I was not able to reach the monetization phase, as that often takes months and I could not maintain the daily time investment needed to convince the scammers I was fully falling for it.

The scammers claimed to be called ?Chloe? and ?Verna?. We use these names throughout to differentiate their messages. Snippets from each are included to illustrate the phases, along with my precursor or response messages.

Phase 1: Initial contact

Both conversations began the same way ? the sender claimed they had messaged the wrong person.

Verna:

Chloe:

That ?wrong-number? ruse is low effort and high reward. It gives the out-of-the-blue message a plausible reason, invites a short helpful reply, and lowers suspicion. Two small but useful fingerprints appear immediately: random capitalization and awkward grammar. These recur later and help identify when different operators are involved.

Phase 2: The immediate hook

If you reply politely, the scammer usually responds with an over-the-top compliment:

Verna:

Chloe:

These short flattering lines serve as rapid rapport builders ? they feel personal and disarming.

Phase 3: Establishing identity and credibility

After a few messages, both claimed to be foreigners working in the UK:

Verna:

When asked what she does for a living:

When asked to explain her job:

Chloe:

When asked how COVID affected her life:

When asked about her job:

When asked what made her choose business:

Both claim the same job ? Business Analyst ? which later supports credibility when discussing investments. Claiming to be foreigners explains grammatical errors and factual mistakes about the UK. Notably, job descriptions are long and well-written, lacking earlier quirks ? suggesting prewritten, copy-pasted content. This points to a playbook: flatter the target, establish credibility with occupation and location cover, then use scripted replies where legitimacy matters.

Phase 4: The hand-off

After a few days of texting, both explained they were using a business number and asked to move to a ?personal? one:

Verna:

After I said it didn?t bother me to switch:

Chloe:

After the switch:

The excuse is plausible and low-friction. Once texting the new number, writing style often changes ? a strong sign of a hand-off to a different operator or team focused on long-term grooming.

Phase 5: The grooming phase (signs of a different operator)

The writing style shift is clear on the new numbers:

Verna:

When asked if she made friends at work:

When asked to share a steak recipe:

Chloe:

When asked what languages she speaks:

When asked about her studies:

When asked about work stress:

Responses show weaker English: more basic grammar errors, shorter sentences, quicker replies, daily ?Good morning? routines, and frequent (likely stolen or AI-generated) photos. These changes strongly indicate a hand-off.

Phase 6: Credibility building

By the second week both began describing financial success and sent images of cars, apartments, gym visits, and meals to build trust:

Verna:

Pictures sent when asked about her side hustle:

When asked if investments are high risk:

When asked how she chooses investments:

Photo sent saying she finished work (face covered):

Chloe:

When asked about plans for her 30s:

When asked about foundations/programs:

Property photo (Australia):

Both positioned themselves as successful investors with diversified portfolios ? building trust for future proposals. The wealth, charity, and expertise narratives emotionally prime the target. Direct money requests usually come much later, after deep emotional commitment.

Practical advice for readers

• If you receive a random ?wrong number? message, be cautious ? do not share personal information.
• Be suspicious if someone quickly asks to move off-platform or to a new number. Stay on the original platform until identity is verified.
• Ask for a live video call ? repeated refusal is a major red flag.
• Reverse-image search any profile photos or images received.
• Never send money, gift cards, or personal documents to someone you only know online.

The senior ranks of the People’s Liberation Army (PLA) are in tatters.

The weekend purging of China’s top general, Zhang Youxia, and another senior military officer, Gen Liu Zhenli, has left serious questions about what triggered the elite power struggles unfolding in the country – and what this means for China’s warfighting capacity, whether it be any ambition to take Taiwan by force or engage in another major regional conflict.

Zhang, 75, was vice-chairman of the Central Military Commission (CMC) – the Communist Party group headed by the country’s leader Xi Jinping, which controls the armed forces.

The CMC, usually made up of around seven people, has now been whittled down to just two members – Xi and Gen Zhang Shengmin.

All others have been taken down in the “anti-corruption” crackdown following previous waves of detention.

The CMC is responsible for controlling millions of military personnel. It is so powerful that being chairman of this body was the single position held by Deng Xiaoping as absolute ruler of China.

That only Xi and one CMC general remain is unprecedented, according to Lyle Morris from the Asia Society Policy Institute.

“The PLA is in disarray,” he told the BBC, adding that China’s military now had “a major leadership void”.

Asked what was really driving the culling of so many top generals, he said: “There are a lot of rumours floating around. We don’t know, at this point, what is true and what is false… but it is certainly bad for Xi Jinping, for his leadership and control over the PLA.”

Associate Professor Chong Ja Ian from the National University of Singapore also said he was not sure what the real reason was for Zhang’s downfall but that there was a lot of speculation about it.

“Everything from leaking nuclear secrets to the United States to plotting a coup and factional infighting. There are even rumours of a gunfight in Beijing,” he said.

“But Zhang and Liu’s downfall along with the wild speculation highlight two things: that Xi remains unassailable and there are significant limits to information in Beijing which fuels uncertainty and feeds this speculation.”

The official announcement that Zhang and Liu were “under investigation” said that they were accused of “serious violations of discipline and law”, which is a euphemism for corruption.

Then the PLA Daily made this absolutely clear in an editorial, writing that this move showed the Communist Party’s “zero tolerance” approach to “punishing corruption… no matter who it is or how high their position”.

The specific allegations being made against all of these generals have not been released to the public and may never be. However, that they have been named as under investigation almost certainly means being given a custodial sentence as a minimum.

The PLA Daily editorial was already speaking of Zhang and Liu as if they were guilty, saying they had “seriously betrayed the trust and expectations of the Communist Party’s Central Committee” as well as “trampling on and undermining the Central Military Commission”.

The targeting of the generals may be about corruption, but it may also be about power politics, given how these purges have panned out in the past.

China definitely had a corruption problem when Xi Jinping came to power, but its leader has also been accused of using his anti-corruption drive, deploying the Party’s feared discipline inspection teams, to take out would-be political rivals or those in government ranks showing anything short of full loyalty to him.

This has given General Secretary Xi a level of unchallenged control not seen since Chairman Mao.

Yet this type of leadership can also be counterproductive.

In the military, for example, a climate of suspicion can lead to cautious – even weak – decision making.

Zhang’s father was a revolutionary comrade of Xi’s father. The general goes back a long way with Xi and that they were seen as close allies before the turmoil of recent days has possibly made this worse because of a belief that no-one is safe.

He was also one of only a handful of senior officers in the PLA with combat experience, making his loss significant for the military.

His removal also poses longer term problems for Xi, according to Morris.

Xi may have stamped his authority, yet again, but the upheaval means ongoing frictions, he said.

“It’s certainly a bad look for Xi and I think there’s going to be significant turmoil in the PLA, with Xi and his leaders – especially in the PLA – for years to come.”

The purging of the most senior generals also brings scrutiny on the next layer of officers who may be wondering who is next?

Given the fate of those above they also may not welcome promotion into the deadly zone where Xi’s anti-corruption spotlight can be trained on you at any time.

And all this has come at a time when Beijing is increasing pressure on Taiwan with threats to, at some point, seize the self-governing island via an all-out attack.

Analysts will be weighing up just how much these removals have hampered such a possibility – though some think it will have little impact on curbing Beijing’s ambitions.

“The purge does not affect the PRC’s ambitions to control Taiwan. That comes down to the CCP as a whole and Xi specifically,” said Chong.

“Where the purge may matter are operational decisions. Without top military professionals or military professionals who are cowed, decisions about escalation and aggression toward Taiwan will centre even more on Xi, his preferences, and proclivities.”

Additional reporting by the BBC’s Yvette Tan

A top US immigration official is expected to leave the US city of Minneapolis in what may mark a shift in the White House’s tone after the fatal shooting of a second US citizen by federal officers over the weekend.

As Border Patrol Commander Gregory Bovino and some immigration agents depart, “border tsar” Tom Homan will begin leading on-the-ground efforts in the Minnesota city after the shooting of Alex Pretti on Saturday escalated tensions.

The decision by President Donald Trump may indicate the administration’s interest in walking back more aggressive federal action in his nationwide immigration crackdown.

Despite the announcement, online tracking of immigration raids shows the administration’s efforts have still continued.

Bovino was the face of the operation when Pretti – an observer seen filming agents – got into a confrontation that led to him being shot numerous times on a street in Minneapolis.

The border control commander inflamed the situation on the ground in the aftermath of the shooting, claiming that Pretti intended to “massacre” federal agents.

The Department of Homeland Security (DHS) said the agents fired in self-defence after Pretti, who they say had a handgun, resisted their attempts to disarm him on Saturday.

Eyewitnesses, local officials and the victim’s family have challenged that account, pointing out Pretti had a phone in his hand, not a weapon. His parents, meanwhile, have accused the administration of spreading “sickening lies” about what happened.

Before the shooting, Bovino was key to the Trump administration’s hard-line approach to immigration enforcement in several cities, active on social media and regularly filming raids and posting promotional videos showing his agents’ action.

Homan, who will report directly to the president, advocates for Trump’s aggressive immigration enforcement. But he also has experience in the role – Homan worked with immigration and deportations during Democrat Barack Obama’s administration.

In Minneapolis on Monday, tension and frustration over the presence of federal officials remained high, despite the news that Bovino and some agents would be leaving.

“A lot of people aren’t able to work right now, they aren’t able to leave their house, they’re afraid,” said George Cordero, a resident of St Paul, Minneapolis’, sister city.

Pretti was the second Minneapolis resident shot and killed by federal immigration officials since their arrival in the state; Renee Nicole Good, was killed by an Immigration and Customs Border Enforcement (ICE) agent on 7 January.

Much of the anger in the city and from politicians on both sides of the aisle was directed at Bovino and border patrol agents sent to Minneapolis along with ICE agents at Trump’s directive. In total, there are more than 3,000 immigration agents in the city.

Some media reports on Monday suggested Bovino had been let go from his role, but Homeland Security spokesperson Tricia McLaughlin refuted that, saying the border patrol chief “is a key part of the President’s team and a great American”.

Carol Engelheart, a retired nurse from Minneapolis, said she has been deeply emotional about the events of the past few days.

“We need to care about this country, we need to care that we have a Constitution left, and if the people organize and the people stand up, we can do this,” she said, as she chided immigration enforcement actions in the city.

Also on Monday, Trump spoke will both Minnesota Governor Tim Walz and Minneapolis Mayor Jacob Frey – democratic leaders who have resisted the immigration efforts and demanded agents be removed from the state. Trump has criticised both in recent weeks.

Both Trump and the local leaders characterised the talks as positive and said they discussed a pathway forward – a sign that both sides were seeking a way to end their standoff over Trump’s deportation drive.

Trump said he and Walz are “on a similar wavelength” and said his target is “any and all criminals that they have in their possession”.

“The President agreed to look into reducing the number of federal agents in Minnesota and to talk to DHS about ensuring the Minnesota Bureau of Criminal Apprehension is able to conduct an independent investigation, as would ordinarily be the case,” Walz said after the call.

Ensuring an independent investigation into Pretti’s death, has been a central focus for Walz. In its immediate aftermath, local authorities obtained a judicial warrant to gain access to the crime scene to preserve evidence.

Local officials have condemned the federal government investigation and said they were not being allowed to access the crime scene and evidence following Pretti’s death.

That response was predicated on the aftermath of Good’s shooting, when local and state authorities said they were being kept out of the investigation by federal immigration officials.

Demonstrations against ICE action and memorials for Pretti – a 37-year-old ICU nurse who was killed over the weekend – continued on Monday. More vigils and demonstrations are planned for the coming days.

On Tuesday, Frey said he plans to meet with Homan to “discuss next steps” offering the first in-person meeting of federal and local officials since Bonvino’s departure was announced.