Cyber Security Agency Warns of Online Group 'Grooming Then Scam' Tactics

The emergence of "grooming‑then‑scam" tactics marks a notable evolution in cyber fraud. Traditional phishing attacks often rely on generic lure messages, but scammers are now embedding themselves in niche communities—religious circles, sports clubs, vegetarian forums, and charitable groups—where members share common interests and trust. By initiating one‑on‑one chats and prompting users to add them on messaging platforms such as LINE, fraudsters gain direct, persistent access, allowing them to observe conversation dynamics and identify vulnerable individuals before escalating the attack.

Once inside a group, the perpetrators distribute seemingly innocuous surveys that request lifestyle details. Behind the veneer of market research, these questionnaires harvest critical data points—occupation, income bracket, family composition, and contact information. This intelligence enables a precise risk assessment, letting scammers tailor financial pitches that appear credible, whether promising high‑yield investments or charitable donation schemes. The pattern mirrors classic romance and investment fraud but is cloaked in the legitimacy of shared‑interest spaces, making detection harder for both victims and automated security tools.

For businesses and platform operators, the warning signals a need for proactive safeguards. Community administrators should implement clear policies banning financial solicitations and require verification for new members adding contacts. Meanwhile, messaging services and social networks must enhance monitoring of rapid friend‑add requests linked to group invitations, possibly integrating real‑time alerts with national anti‑fraud hotlines. Strengthening partnerships with fact‑checking organizations and deploying AI‑driven content analysis can accelerate the removal of fraudulent posts, protecting users and preserving the integrity of online interest groups.