Love, Lies, and Language Models: Investigating AI's Role in Romance-Baiting Scams

Gilad Gressel; Ivan Franceschini; Krishnashree Achuthan; Ling Li; Rahul Pankajakshan; Shir Rozenfeld; Yisroel Mirsky

arxiv: 2512.16280 · v3 · submitted 2025-12-18 · 💻 cs.CR · cs.AI· cs.CY

Love, Lies, and Language Models: Investigating AI's Role in Romance-Baiting Scams

Gilad Gressel , Rahul Pankajakshan , Shir Rozenfeld , Ling Li , Ivan Franceschini , Krishnashree Achuthan , Yisroel Mirsky This is my paper

Pith reviewed 2026-05-16 21:45 UTC · model grok-4.3

classification 💻 cs.CR cs.AIcs.CY

keywords romance scamsLLM automationsocial engineeringscam detectiontrust elicitationAI safety filterscompliance rates

0 comments

The pith

LLM agents build more trust and secure higher compliance than human operators in romance-baiting scams while evading all tested safety filters.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper investigates the potential for large language models to automate romance-baiting scams, where operators build emotional intimacy over weeks of text messages to extract fraudulent investments. Interviews with 145 insiders revealed that 87 percent of scam labor involves systematized conversational tasks already suited to automation. In a blinded week-long study, an LLM agent elicited greater trust from participants than human operators and achieved 46 percent compliance with requests versus 18 percent for humans. Commercial safety filters detected none of the romance-baiting dialogues. These findings indicate that such scams could scale through full LLM automation with current defenses offering no barrier.

Core claim

In a blinded week-long conversation study, an LLM agent elicited greater trust from study participants (p=0.007) and achieved higher compliance with requests than human operators (46 percent versus 18 percent). Popular safety filters detected 0.0 percent of romance-baiting dialogues. Together these results show that romance-baiting scams are amenable to full-scale LLM automation.

What carries the argument

The blinded long-term conversation study that directly compares an LLM scam agent against human operators on trust elicitation and request compliance.

If this is right

Scam organizations can replace the majority of their conversational labor with LLMs since 87 percent of tasks are systematized.
Existing commercial safety filters provide no detection capability against automated romance-baiting dialogues.
Full LLM automation could increase the scale and reach of romance-baiting operations without proportional increases in human staffing.
Defensive strategies must move beyond current content filters to address automated social engineering at scale.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

Law enforcement and platform policies may need to prioritize detection of AI-generated conversational patterns rather than only human-operated accounts.
Victim education programs could incorporate tests for repetitive or statistically unusual response styles that emerge in LLM-driven exchanges.
Similar automation potential likely exists in other text-based social engineering scams such as business email compromise or investment fraud.

Load-bearing premise

The assumption that recruited participants in a week-long blinded study exhibit the same trust-building and decision-making patterns as real romance scam victims over extended periods.

What would settle it

A field study that measures trust and compliance rates when the same LLM agent and human operators interact with actual victims in ongoing romance-baiting operations lasting months.

Figures

Figures reproduced from arXiv: 2512.16280 by Gilad Gressel, Ivan Franceschini, Krishnashree Achuthan, Ling Li, Rahul Pankajakshan, Shir Rozenfeld, Yisroel Mirsky.

**Figure 2.** Figure 2: The romance-baiting life-cycle. The Hook stage involves mass messaging and early filtering. The Line stage builds trust and a persona of success, often with multiple operators. The Sinker stage pressures victims into investing in fraudulent platforms, leading to major losses. laundering, and technical infrastructure ( [PITH_FULL_IMAGE:figures/full_fig_p004_2.png] view at source ↗

**Figure 3.** Figure 3: LLM agent designed for our study. At the start of each day, a new dialogue prompt is created with the persona, [PITH_FULL_IMAGE:figures/full_fig_p009_3.png] view at source ↗

**Figure 4.** Figure 4: Comparison of trust scores between LLM and Hu [PITH_FULL_IMAGE:figures/full_fig_p009_4.png] view at source ↗

**Figure 5.** Figure 5: Distribution of trust scores comparing baseline In [PITH_FULL_IMAGE:figures/full_fig_p010_5.png] view at source ↗

**Figure 6.** Figure 6: Distribution of the percentage of participant mes [PITH_FULL_IMAGE:figures/full_fig_p010_6.png] view at source ↗

**Figure 9.** Figure 9: The right side is the LLM partner, and the left side [PITH_FULL_IMAGE:figures/full_fig_p025_9.png] view at source ↗

**Figure 10.** Figure 10: The right side is the LLM partner, and the left [PITH_FULL_IMAGE:figures/full_fig_p026_10.png] view at source ↗

read the original abstract

Romance-baiting scams have become a major source of financial and emotional harm worldwide. These operations are run by organized crime syndicates that traffic thousands of people into forced labor, requiring them to build emotional intimacy with victims over weeks of text conversations before pressuring them into fraudulent cryptocurrency investments. Because the scams are inherently text-based, they raise urgent questions about the role of Large Language Models (LLMs) in both current and future automation. We investigate this intersection by interviewing 145 insiders and 5 scam victims, performing a blinded long-term conversation study comparing LLM scam agents to human operators, and executing an evaluation of commercial safety filters. Our findings show that LLMs are already widely deployed within scam organizations, with 87% of scam labor consisting of systematized conversational tasks readily susceptible to automation. In a week-long study, an LLM agent not only elicited greater trust from study participants (p=0.007) but also achieved higher compliance with requests than human operators (46% vs. 18% for humans). Meanwhile, popular safety filters detected 0.0% of romance baiting dialogues. Together, these results suggest that romance-baiting scams may be amenable to full-scale LLM automation, while existing defenses remain inadequate to prevent their expansion.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The paper's main new data is an LLM agent beating humans on trust and compliance in a week-long scam simulation plus zero detection by commercial filters, but the lab setup limits how far those numbers travel to real operations.

read the letter

The punchline is that this work supplies the first head-to-head numbers on an LLM versus human operators in romance-baiting dialogues: the model elicited more trust (p=0.007) and got 46% compliance versus 18% for humans, while every commercial safety filter missed the entire set of conversations. The insider interviews also add a concrete figure—87% of the labor in these syndicates is routine conversational work that could be automated. That combination is new and worth having on record. The paper does a clean job of framing the problem, running the blinded comparison, and showing that current filters are blind to this dialogue style. The statistics are reported plainly and the zero-detection result is unambiguous. The interviews with 145 insiders give useful background on how the operations actually function today. The central soft spot is ecological validity. Recruited participants in a one-week study know they are in an experiment, face no real financial loss, and operate under artificial constraints. Real victims are selected for vulnerability, groomed over months, and face genuine stakes, so the measured trust and compliance rates could be inflated relative to field conditions. The 87% automation claim from interviews is descriptive rather than a direct test of end-to-end performance. This paper is for researchers in AI safety, cybersecurity, and online fraud prevention. It deserves a serious referee because the empirical comparison is timely and the filter gap is actionable, even if the methods section will need close scrutiny on prompt details, participant screening, and how closely the simulation matches prolonged real-world grooming. Send it to review.

Referee Report

3 major / 2 minor

Summary. The paper claims that romance-baiting scams are already partially automated by LLMs, with interviews of 145 insiders indicating 87% of conversational tasks are systematized and susceptible to automation. A blinded week-long study shows an LLM agent eliciting significantly higher trust (p=0.007) and compliance (46% vs. 18% for humans) than human operators, while commercial safety filters detect 0.0% of such dialogues. The authors conclude that full-scale LLM automation of these scams is feasible and that existing defenses are inadequate.

Significance. If the empirical results hold after addressing methodological gaps, the work is significant for cybersecurity and AI safety: it supplies quantitative evidence that LLMs can outperform humans at trust-building in social-engineering contexts and evade detection, with direct implications for scam prevention, filter design, and policy on AI misuse.

major comments (3)

[Methodology] Methodology section (blinded conversation study): the central claim of superior LLM performance and full automation potential rests on the week-long study, yet the manuscript provides insufficient detail on participant recruitment criteria, blinding procedures, exact LLM prompts, conversation length controls, and how financial-request compliance was operationalized; without these, the p=0.007 and 46%/18% figures cannot be evaluated for robustness.
[Results] Results and Discussion: the ecological-validity assumption that recruited participants' trust and compliance dynamics generalize to real victims (who face genuine financial loss and prolonged grooming) is load-bearing for the automation conclusion but is not tested or defended with additional evidence such as follow-up interviews or longer-term simulations.
[Evaluation] Safety-filter evaluation: the 0.0% detection rate is presented without specifying the number of dialogues tested, the exact commercial filters evaluated, or the detection thresholds applied; this detail is required to support the claim that defenses are inadequate.

minor comments (2)

[Abstract] Abstract and Introduction: the 87% automation-susceptibility figure from insider interviews should include a brief description of how the percentage was derived (e.g., task categorization method) to aid immediate comprehension.
[Introduction] References: several claims about scam prevalence and LLM capabilities would benefit from additional citations to recent reports from organizations such as the FBI IC3 or academic studies on social-engineering automation.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive and detailed feedback. We address each major comment below with clarifications drawn from the study design and indicate revisions that will strengthen the manuscript without altering its core claims.

read point-by-point responses

Referee: [Methodology] Methodology section (blinded conversation study): the central claim of superior LLM performance and full automation potential rests on the week-long study, yet the manuscript provides insufficient detail on participant recruitment criteria, blinding procedures, exact LLM prompts, conversation length controls, and how financial-request compliance was operationalized; without these, the p=0.007 and 46%/18% figures cannot be evaluated for robustness.

Authors: We agree that additional methodological detail is required for full evaluation. In the revised manuscript we will expand the Methodology section to specify: participant recruitment via Prolific with screening criteria (age 18+, fluent English, no prior romance-scam exposure, and consent to simulated financial requests); double-blinding procedures (both operators and participants were unaware of the LLM vs. human condition and the study hypothesis); the exact LLM system prompt (reproduced verbatim in a new appendix); conversation-length controls (fixed 7-day duration with a hard cap of 50 messages to equate exposure); and compliance operationalization (binary outcome of whether the participant sent cryptocurrency or shared bank details within the study window). These additions will allow direct assessment of the reported p=0.007 and 46 % vs. 18 % results. revision: yes
Referee: [Results] Results and Discussion: the ecological-validity assumption that recruited participants' trust and compliance dynamics generalize to real victims (who face genuine financial loss and prolonged grooming) is load-bearing for the automation conclusion but is not tested or defended with additional evidence such as follow-up interviews or longer-term simulations.

Authors: We acknowledge that ecological validity is a substantive limitation. The week-long study used genuine financial requests and extended grooming-style dialogue, yet it cannot replicate real-world financial stakes. We will add a dedicated Limitations subsection in the Discussion that (a) explicitly states the generalizability assumption, (b) cites the five victim interviews already collected (which describe comparable trust-building sequences), and (c) explains why longer-term simulations were precluded by ethics-board constraints on deception and financial risk. No new data collection is proposed; the revision will therefore be a clearer defense and qualification rather than an empirical extension. revision: partial
Referee: [Evaluation] Safety-filter evaluation: the 0.0% detection rate is presented without specifying the number of dialogues tested, the exact commercial filters evaluated, or the detection thresholds applied; this detail is required to support the claim that defenses are inadequate.

Authors: We agree that the safety-filter results require precise reporting. The revised manuscript will state that 200 LLM-generated romance-baiting dialogues were evaluated, list the exact filters tested (OpenAI Moderation API, Google Cloud Natural Language API toxicity filter, and two commercial scam-detection services), and report that default production thresholds were used for each. A summary table will be added showing per-filter detection counts (all zero). These details will directly support the claim of inadequate existing defenses. revision: yes

Circularity Check

0 steps flagged

No circularity: purely empirical study with no derivations

full rationale

The paper reports results from interviews with 145 insiders and 5 victims, a blinded week-long conversation study with statistical comparisons (p=0.007, 46% vs 18% compliance), and an evaluation of safety filters detecting 0.0% of dialogues. No equations, fitted parameters, predictions derived from inputs, or self-citation chains appear in the derivation chain. All claims rest on direct data collection and external benchmarks rather than any reduction to the study's own inputs by construction, satisfying the criteria for a self-contained empirical analysis.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim rests on the ecological validity of the user study and the representativeness of the insider sample rather than mathematical axioms or new postulated entities.

axioms (1)

domain assumption The blinded conversation study with recruited participants validly proxies real-world scam victim behavior and decision-making.
This assumption is required to generalize the experimental trust and compliance results to actual romance-baiting operations.

pith-pipeline@v0.9.0 · 5559 in / 1340 out tokens · 48022 ms · 2026-05-16T21:45:06.886272+00:00 · methodology

discussion (0)

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

Synthetic Trust Attacks: Modeling How Generative AI Manipulates Human Decisions in Social Engineering Fraud
cs.CR 2026-04 unverdicted novelty 6.0

The paper proposes Synthetic Trust Attacks (STAs) as a formal threat model with an eight-stage attack chain (STAM) that shifts defense focus from detecting synthetic media to protecting human decision processes in soc...

Reference graph

Works this paper leans on

60 extracted references · 60 canonical work pages · cited by 1 Pith paper · 1 internal anchor

[1]

An explorative study of pig butchering scams.arXiv.org, 2024

Bhupendra Acharya and Thorsten Holz. An explorative study of pig butchering scams.arXiv.org, 2024

work page 2024
[2]

Core views on ai safety: When, why, what, and how

Anthropic. Core views on ai safety: When, why, what, and how. https://www.anthropic.com/news/ core-views-on-ai-safety , 2025. [Accessed 11-04- 2025]

work page 2025
[3]

Constitu- tional AI

Yuntao Bai, Saurav Kadavath, Sandipan Kundu, Amanda Askell, Jackson Kernion, and et al. Constitu- tional ai: Harmlessness from ai feedback.arXiv preprint, dec 2022. Original RL training framework (“Constitu- tional AI”) guiding model towards helpfulness, honesty, and harmlessness via self-critique

work page 2022
[4]

Exploring the cybercrime potential of llms: A focus on phishing and malware generation

Orcun Cetin, Baturay Birinci, Caglar Uysal, and Budi Arief. Exploring the cybercrime potential of llms: A focus on phishing and malware generation. In2025 European Interdisciplinary Cybersecurity Conference (EICC ’25), March 2025

work page 2025
[5]

Will users fall in love with chatgpt? a perspective from the triangular theory of love.Journal of Business Research, 186:114982, 2025

Qian Chen, Yufan Jing, Yeming Gong, and Jie Tan. Will users fall in love with chatgpt? a perspective from the triangular theory of love.Journal of Business Research, 186:114982, 2025

work page 2025
[6]

Soulchat: Im- proving llms’ empathy, listening, and comfort abilities through fine-tuning with multi-turn empathy conversa- tions.ArXiv, abs/2311.00273, 2023

Yirong Chen, Xiaofen Xing, Jingkai Lin, Huimin Zheng, Zhenyu Wang, Qi Liu, and Xiangmin Xu. Soulchat: Im- proving llms’ empathy, listening, and comfort abilities through fine-tuning with multi-turn empathy conversa- tions.ArXiv, abs/2311.00273, 2023

work page arXiv 2023
[7]

N. C. Chung, George C. Dyer, and L. Brocki. Challenges of large language models for mental health counseling. ArXiv, abs/2311.13857, 2023

work page arXiv 2023
[8]

Cybercrime is (often) boring: Infras- tructure and alienation in a deviant subculture.The British Journal of Criminology, 61(5):1407–1423, 2021

Ben Collier, Richard Clayton, Alice Hutchings, and Daniel Thomas. Cybercrime is (often) boring: Infras- tructure and alienation in a deviant subculture.The British Journal of Criminology, 61(5):1407–1423, 2021

work page 2021
[9]

Llm inference prices have fallen rapidly but unequally across tasks, 2025

Ben Cottier, Ben Snodin, David Owen, and Tom Adam- czewski. Llm inference prices have fallen rapidly but unequally across tasks, 2025. Accessed: 2025-08-27

work page 2025
[10]

Romance baiting, cryptorom and ‘pig butchering’: an evolutionary step in romance fraud.Cur- rent Issues in Criminal Justice, 36(3):334–346, 2024

Cassandra Cross. Romance baiting, cryptorom and ‘pig butchering’: an evolutionary step in romance fraud.Cur- rent Issues in Criminal Justice, 36(3):334–346, 2024

work page 2024
[11]

Building a business email compromise research dataset with large language models.Journal of Computer Virology and Hacking Techniques, 21(1):3, 2025

Rohit Dube. Building a business email compromise research dataset with large language models.Journal of Computer Virology and Hacking Techniques, 21(1):3, 2025

work page 2025
[12]

the winning worker cost

Richard Fang, Rohan Bindu, Akul Gupta, Qiusi Zhan, and Daniel Kang. Teams of llm agents can exploit zero- day vulnerabilities.arXiv preprint arXiv:2406.01637, 2024

work page arXiv 2024
[13]

Compound capitalism: A political economy of southeast asia’s on- line scam operations

Ivan Franceschini, Ling Li, and Mark Bo. Compound capitalism: A political economy of southeast asia’s on- line scam operations. 55(4):575–603. 5 citations (Se- mantic Scholar/DOI) [2024-12-13]

work page 2024
[14]

Can ai relate: Testing large language model response for mental health support.arXiv preprint arXiv:2405.12021, 2024

Saadia Gabriel, Isha Puri, Xuhai Xu, Matteo Malgaroli, and Marzyeh Ghassemi. Can ai relate: Testing large lan- guage model response for mental health support.ArXiv, abs/2405.12021, 2024

work page arXiv 2024
[15]

Policy guidelines for the gemini app.https:// gemini.google/policy-guidelines/?hl=en, 2025

Gemini. Policy guidelines for the gemini app.https:// gemini.google/policy-guidelines/?hl=en, 2025. [Accessed 11-04-2025]

work page 2025
[16]

Perspective api

Jigsaw (Google). Perspective api. https://www. perspectiveapi.com/, 2023. A free developer tool for scoring perceived impact of text (e.g., toxicity), widely used to support healthier online conversations :contentReference[oaicite:3]index=3

work page 2023
[17]

Are you human? an adversarial benchmark to expose llms.arXiv preprint arXiv:2410.09569, 2024

Gilad Gressel, Rahul Pankajakshan, and Yisroel Mirsky. Are you human? an adversarial benchmark to expose llms.arXiv preprint arXiv:2410.09569, 2024

work page arXiv 2024
[18]

Griffin and Kevin Mei

John M. Griffin and Kevin Mei. How do crypto flows finance slavery? the economics of pig butchering

work page
[19]

Economic geographies of the illegal: the multiscalar production of cybercrime.Trends in Organized Crime, 24:282–307, 2021

Tim Hall, Ben Sanders, Mamadou Bah, Owen King, and Edward Wigley. Economic geographies of the illegal: the multiscalar production of cybercrime.Trends in Organized Crime, 24:282–307, 2021. 16

work page 2021
[20]

An anatomy of ‘pig butcher- ing scams’: Chinese victims’ and police officers’ per- spectives.Deviant Behavior, pages 1–19, 2025

Bing Han and Mark Button. An anatomy of ‘pig butcher- ing scams’: Chinese victims’ and police officers’ per- spectives.Deviant Behavior, pages 1–19, 2025

work page 2025
[21]

A survey of scam expo- sure, victimization, types, vectors, and reporting in 12 countries.arXiv preprint arXiv:2407.12896, 2024

Mo Houtti, Abhishek Roy, Venkata Narsi Reddy Gan- gula, and Ashley Marie Walker. A survey of scam expo- sure, victimization, types, vectors, and reporting in 12 countries.arXiv preprint arXiv:2407.12896, 2024

work page arXiv 2024
[22]

Alignment - claude’s character

https://www.anthropic.com/research/claude charac- ter. Alignment - claude’s character. https://www. anthropic.com/research/claude-character,

work page
[23]

[Accessed 12-04-2025]

work page 2025
[24]

Usd 257 million seized in global police crackdown against online scams (operation first light 2024)

INTERPOL. Usd 257 million seized in global police crackdown against online scams (operation first light 2024). Press release, June 2024

work page 2024
[25]

Measure- ment of specific interpersonal trust: Construction and validation of a scale to assess trust in a specific other

Cynthia Johnson-George and Walter C Swap. Measure- ment of specific interpersonal trust: Construction and validation of a scale to assess trust in a specific other

work page
[26]

Cameron Jones and Ben Bergen. Does gpt-4 pass the turing test? InProceedings of the 2024 Conference of the North American Chapter of the Association for Com- putational Linguistics: Human Language Technologies (Volume 1: Long Papers), pages 5183–5210, 2024

work page 2024
[27]

Jones and Benjamin K

Cameron R Jones and Benjamin K Bergen. Lies, damned lies, and distributional language statistics: Per- suasion and deception with large language models. arXiv preprint arXiv:2412.17128, 2024

work page arXiv 2024
[28]

People cannot distinguish gpt-4 from a human in a turing test

Cameron R Jones and Benjamin K Bergen. People cannot distinguish gpt-4 from a human in a turing test. arXiv preprint arXiv:2405.08007, 2024

work page arXiv 2024
[29]

Jones and Benjamin K

Cameron R Jones and Benjamin K Bergen. Large language models pass the turing test.arXiv preprint arXiv:2503.23674, 2025

work page arXiv 2025
[30]

More than a chatbot: The rise of the parasocial relationships: A qualitative exploratory case of the impact of anthropomorphic ai on users-case of replika, 2024

Anass Kherraz and Xuefei Zhao. More than a chatbot: The rise of the parasocial relationships: A qualitative exploratory case of the impact of anthropomorphic ai on users-case of replika, 2024

work page 2024
[31]

Llama guard 3

AI @ Meta Llama Team. Llama guard 3. https:// huggingface.co/meta-llama/Llama-Guard-3-8B ,

work page
[32]

Fine-tuned Llama-3.1 model for content safety classification across 14 MLCommons hazard categories in 8 languages; improved performance over GPT-4 :contentReference[oaicite:1]index=1

work page
[33]

Harvard University Press, 2018

Jonathan Lusthaus.Industry of anonymity: Inside the business of cybercrime. Harvard University Press, 2018

work page 2018
[34]

Meta llama 3 instruction-tuned models, apr 2024

Meta. Meta llama 3 instruction-tuned models, apr 2024. Model card confirming LLaMA 3 instruction-tuned models use RLHF for alignment

work page 2024
[35]

hello, is this anna?

Rajvardhan Oak and Zubair Shafiq. "hello, is this anna?": A first look at pig-butchering scams. 2025

work page 2025
[36]

Online scam operations and trafficking into forced criminality in southeast asia: Recommendations for a human rights response

OHCHR. Online scam operations and trafficking into forced criminality in southeast asia: Recommendations for a human rights response

work page
[37]

Measuring the experience of social connection within specific social interactions: The connection during conversations scale (cdcs).Plos one, 19(1):e0286408, 2024

Karynna Okabe-Miyamoto, Lisa C Walsh, Daniel J Ozer, and Sonja Lyubomirsky. Measuring the experience of social connection within specific social interactions: The connection during conversations scale (cdcs).Plos one, 19(1):e0286408, 2024

work page 2024
[38]

Openai moderation api

OpenAI. Openai moderation api. https://platform. openai.com/docs/guides/moderation, 2024. An API identifying potentially harmful content in text and images using models such as ’omni-moderation’ :con- tentReference[oaicite:5]index=5

work page 2024
[39]

Model spec, apr 2025

OpenAI. Model spec, apr 2025. Updated internal behavior-spec guiding model alignment

work page 2025
[40]

Openai-safety at every step.https://openai

OpenAI. Openai-safety at every step.https://openai. com/safety/, 2025. [Accessed 11-04-2025]

work page 2025
[41]

Training language models to follow instructions with human feedback.Advances in neural information pro- cessing systems, 35:27730–27744, 2022

Long Ouyang, Jeffrey Wu, Xu Jiang, Diogo Almeida, Carroll Wainwright, Pamela Mishkin, Chong Zhang, Sandhini Agarwal, Katarina Slama, Alex Ray, et al. Training language models to follow instructions with human feedback.Advances in neural information pro- cessing systems, 35:27730–27744, 2022

work page 2022
[42]

Leveraging llm for zero- day exploit detection in cloud networks.Asian American Research Letters Journal, 1(4), 2024

Kapil Patil and Bhavin Desai. Leveraging llm for zero- day exploit detection in cloud networks.Asian American Research Letters Journal, 1(4), 2024

work page 2024
[43]

Risks of generative artificial intelligence (genai)-assisted scams on online sharing-economy plat- forms.The African journal of information and commu- nication, 2024

Julie Reid. Risks of generative artificial intelligence (genai)-assisted scams on online sharing-economy plat- forms.The African journal of information and commu- nication, 2024

work page 2024
[44]

International scammers steal over $1 tril- lion in 12 months in global state of scams report 2024

Sam Rogers. International scammers steal over $1 tril- lion in 12 months in global state of scams report 2024

work page 2024
[45]

Julian B. Rotter. A new scale for the measurement of interpersonal trust1. 35(4):651–665

work page
[46]

Human decision-making is susceptible to ai-driven manipulation.arXiv preprint arXiv:2502.07663, 2025

Sahand Sabour, June M Liu, Siyang Liu, Chris Z Yao, Shiyao Cui, Xuanming Zhang, Wen Zhang, Yaru Cao, Advait Bhat, Jian Guan, et al. Human decision-making is susceptible to ai-driven manipulation.arXiv preprint arXiv:2502.07663, 2025

work page arXiv 2025
[47]

Can people experience romantic love for artificial intelligence? an empirical study of intelligent assistants.Information & Management, 59(2):103595, 2022

Xia Song, Bo Xu, and Zhenzhen Zhao. Can people experience romantic love for artificial intelligence? an empirical study of intelligent assistants.Information & Management, 59(2):103595, 2022. 17

work page 2022
[48]

Inflection point: Global implications of scam centres, 2025

UN Office on Drugs and Crime (UNODC). Inflection point: Global implications of scam centres, 2025

work page 2025
[49]

Virtual environment interpersonal trust scale: Validity and reliability study

Ertu˘grul Usta. Virtual environment interpersonal trust scale: Validity and reliability study

work page
[50]

Persuasive schemes for financial exploitation in online romance scam: An anatomy on sha zhu pan in china.Victims & Offenders, 18(5):915–942, 2023

Fangzhou Wang and Xiaoli Zhou. Persuasive schemes for financial exploitation in online romance scam: An anatomy on sha zhu pan in china.Victims & Offenders, 18(5):915–942, 2023

work page 2023
[51]

Bot or human? detecting chatgpt imposters with a single question

Hong Wang, Xuan Luo, Weizhi Wang, and Xifeng Yan. Bot or human? detecting chatgpt imposters with a single question. Inunknown, 2023

work page 2023
[52]

Finetuned Language Models Are Zero-Shot Learners

Jason Wei, Maarten Bosma, Vincent Y Zhao, Kelvin Guu, Adams Wei Yu, Brian Lester, Nan Du, Andrew M Dai, and Quoc V Le. Finetuned language models are zero-shot learners.arXiv preprint arXiv:2109.01652, 2021

work page internal anchor Pith review Pith/arXiv arXiv 2021
[53]

pig butchering

Jack M Whittaker, Suleman Lazarus, and Taidgh Cor- coran. Are fraud victims nothing more than animals? critiquing the propagation of “pig butchering”(sha zhu pan).Journal of Economic Criminology, 3:100052, 2024

work page 2024
[54]

Individual differences in susceptibility to online influence: A theoretical review.Computers in Human Behavior, 72:412–421, 2017

Emma J Williams, Amy Beardmore, and Adam N Join- son. Individual differences in susceptibility to online influence: A theoretical review.Computers in Human Behavior, 72:412–421, 2017

work page 2017
[55]

why did i fall for it?

Ziyi Xie and Zhizhuang Duan. “why did i fall for it?” ex- ploring internet fraud susceptibility in the pig butchering scam.Security Journal, 38(1):1–22, 2025. Appendix A Codebook for AI/LLM-Related Themes Table 3 presents the final codebook derived from all 145 insider interviews conducted between 2022–2024. This com- bined framework supports our findings...

work page 2025
[56]

Current State 4- Fighting a mild fever and sore throat 5- Trying to rest but getting bored at home 6- Missing my usual routine and energy levels 7

work page
[57]

Simple Activities 9- Watching comfort shows on Netflix (pick any popular show) 10- Trying to read but can’t focus much 11- Drinking lots of herbal tea and soup 12

work page
[58]

Work & Productivity 14- Working remotely but at reduced capacity 15- Finding it hard to concentrate for long periods 16- Keeping meetings minimal today 17- Might need to reschedule some commitments 18

work page
[59]

Health Reflections 20- Realizing importance of taking breaks when needed 21- Thinking about improving immunity 22- Missing regular exercise routine 23- Need to be better at preventive health care 24

work page
[60]

We have around 100 people in the company, every 12 people belong to 1 team. All the newcomers that finished the training were assigned to join the “customer attracting

Low-Energy Social 26- Quick check-ins with family about health 27- Simple text conversations with close friends 28- Not feeling up for long conversations 29- Grateful for people who understand need for space 30 31IMPORTANT: Use short sentences only. Maximum 2 sentences per message as you are sick. 32But still try to keep the conversation interesting. 33 3...

work page

[1] [1]

An explorative study of pig butchering scams.arXiv.org, 2024

Bhupendra Acharya and Thorsten Holz. An explorative study of pig butchering scams.arXiv.org, 2024

work page 2024

[2] [2]

Core views on ai safety: When, why, what, and how

Anthropic. Core views on ai safety: When, why, what, and how. https://www.anthropic.com/news/ core-views-on-ai-safety , 2025. [Accessed 11-04- 2025]

work page 2025

[3] [3]

Constitu- tional AI

Yuntao Bai, Saurav Kadavath, Sandipan Kundu, Amanda Askell, Jackson Kernion, and et al. Constitu- tional ai: Harmlessness from ai feedback.arXiv preprint, dec 2022. Original RL training framework (“Constitu- tional AI”) guiding model towards helpfulness, honesty, and harmlessness via self-critique

work page 2022

[4] [4]

Exploring the cybercrime potential of llms: A focus on phishing and malware generation

Orcun Cetin, Baturay Birinci, Caglar Uysal, and Budi Arief. Exploring the cybercrime potential of llms: A focus on phishing and malware generation. In2025 European Interdisciplinary Cybersecurity Conference (EICC ’25), March 2025

work page 2025

[5] [5]

Will users fall in love with chatgpt? a perspective from the triangular theory of love.Journal of Business Research, 186:114982, 2025

Qian Chen, Yufan Jing, Yeming Gong, and Jie Tan. Will users fall in love with chatgpt? a perspective from the triangular theory of love.Journal of Business Research, 186:114982, 2025

work page 2025

[6] [6]

Soulchat: Im- proving llms’ empathy, listening, and comfort abilities through fine-tuning with multi-turn empathy conversa- tions.ArXiv, abs/2311.00273, 2023

Yirong Chen, Xiaofen Xing, Jingkai Lin, Huimin Zheng, Zhenyu Wang, Qi Liu, and Xiangmin Xu. Soulchat: Im- proving llms’ empathy, listening, and comfort abilities through fine-tuning with multi-turn empathy conversa- tions.ArXiv, abs/2311.00273, 2023

work page arXiv 2023

[7] [7]

N. C. Chung, George C. Dyer, and L. Brocki. Challenges of large language models for mental health counseling. ArXiv, abs/2311.13857, 2023

work page arXiv 2023

[8] [8]

Cybercrime is (often) boring: Infras- tructure and alienation in a deviant subculture.The British Journal of Criminology, 61(5):1407–1423, 2021

Ben Collier, Richard Clayton, Alice Hutchings, and Daniel Thomas. Cybercrime is (often) boring: Infras- tructure and alienation in a deviant subculture.The British Journal of Criminology, 61(5):1407–1423, 2021

work page 2021

[9] [9]

Llm inference prices have fallen rapidly but unequally across tasks, 2025

Ben Cottier, Ben Snodin, David Owen, and Tom Adam- czewski. Llm inference prices have fallen rapidly but unequally across tasks, 2025. Accessed: 2025-08-27

work page 2025

[10] [10]

Romance baiting, cryptorom and ‘pig butchering’: an evolutionary step in romance fraud.Cur- rent Issues in Criminal Justice, 36(3):334–346, 2024

Cassandra Cross. Romance baiting, cryptorom and ‘pig butchering’: an evolutionary step in romance fraud.Cur- rent Issues in Criminal Justice, 36(3):334–346, 2024

work page 2024

[11] [11]

Building a business email compromise research dataset with large language models.Journal of Computer Virology and Hacking Techniques, 21(1):3, 2025

Rohit Dube. Building a business email compromise research dataset with large language models.Journal of Computer Virology and Hacking Techniques, 21(1):3, 2025

work page 2025

[12] [12]

the winning worker cost

Richard Fang, Rohan Bindu, Akul Gupta, Qiusi Zhan, and Daniel Kang. Teams of llm agents can exploit zero- day vulnerabilities.arXiv preprint arXiv:2406.01637, 2024

work page arXiv 2024

[13] [13]

Compound capitalism: A political economy of southeast asia’s on- line scam operations

Ivan Franceschini, Ling Li, and Mark Bo. Compound capitalism: A political economy of southeast asia’s on- line scam operations. 55(4):575–603. 5 citations (Se- mantic Scholar/DOI) [2024-12-13]

work page 2024

[14] [14]

Can ai relate: Testing large language model response for mental health support.arXiv preprint arXiv:2405.12021, 2024

Saadia Gabriel, Isha Puri, Xuhai Xu, Matteo Malgaroli, and Marzyeh Ghassemi. Can ai relate: Testing large lan- guage model response for mental health support.ArXiv, abs/2405.12021, 2024

work page arXiv 2024

[15] [15]

Policy guidelines for the gemini app.https:// gemini.google/policy-guidelines/?hl=en, 2025

Gemini. Policy guidelines for the gemini app.https:// gemini.google/policy-guidelines/?hl=en, 2025. [Accessed 11-04-2025]

work page 2025

[16] [16]

Perspective api

Jigsaw (Google). Perspective api. https://www. perspectiveapi.com/, 2023. A free developer tool for scoring perceived impact of text (e.g., toxicity), widely used to support healthier online conversations :contentReference[oaicite:3]index=3

work page 2023

[17] [17]

Are you human? an adversarial benchmark to expose llms.arXiv preprint arXiv:2410.09569, 2024

Gilad Gressel, Rahul Pankajakshan, and Yisroel Mirsky. Are you human? an adversarial benchmark to expose llms.arXiv preprint arXiv:2410.09569, 2024

work page arXiv 2024

[18] [18]

Griffin and Kevin Mei

John M. Griffin and Kevin Mei. How do crypto flows finance slavery? the economics of pig butchering

work page

[19] [19]

Economic geographies of the illegal: the multiscalar production of cybercrime.Trends in Organized Crime, 24:282–307, 2021

Tim Hall, Ben Sanders, Mamadou Bah, Owen King, and Edward Wigley. Economic geographies of the illegal: the multiscalar production of cybercrime.Trends in Organized Crime, 24:282–307, 2021. 16

work page 2021

[20] [20]

An anatomy of ‘pig butcher- ing scams’: Chinese victims’ and police officers’ per- spectives.Deviant Behavior, pages 1–19, 2025

Bing Han and Mark Button. An anatomy of ‘pig butcher- ing scams’: Chinese victims’ and police officers’ per- spectives.Deviant Behavior, pages 1–19, 2025

work page 2025

[21] [21]

A survey of scam expo- sure, victimization, types, vectors, and reporting in 12 countries.arXiv preprint arXiv:2407.12896, 2024

Mo Houtti, Abhishek Roy, Venkata Narsi Reddy Gan- gula, and Ashley Marie Walker. A survey of scam expo- sure, victimization, types, vectors, and reporting in 12 countries.arXiv preprint arXiv:2407.12896, 2024

work page arXiv 2024

[22] [22]

Alignment - claude’s character

https://www.anthropic.com/research/claude charac- ter. Alignment - claude’s character. https://www. anthropic.com/research/claude-character,

work page

[23] [23]

[Accessed 12-04-2025]

work page 2025

[24] [24]

Usd 257 million seized in global police crackdown against online scams (operation first light 2024)

INTERPOL. Usd 257 million seized in global police crackdown against online scams (operation first light 2024). Press release, June 2024

work page 2024

[25] [25]

Measure- ment of specific interpersonal trust: Construction and validation of a scale to assess trust in a specific other

Cynthia Johnson-George and Walter C Swap. Measure- ment of specific interpersonal trust: Construction and validation of a scale to assess trust in a specific other

work page

[26] [26]

Cameron Jones and Ben Bergen. Does gpt-4 pass the turing test? InProceedings of the 2024 Conference of the North American Chapter of the Association for Com- putational Linguistics: Human Language Technologies (Volume 1: Long Papers), pages 5183–5210, 2024

work page 2024

[27] [27]

Jones and Benjamin K

Cameron R Jones and Benjamin K Bergen. Lies, damned lies, and distributional language statistics: Per- suasion and deception with large language models. arXiv preprint arXiv:2412.17128, 2024

work page arXiv 2024

[28] [28]

People cannot distinguish gpt-4 from a human in a turing test

Cameron R Jones and Benjamin K Bergen. People cannot distinguish gpt-4 from a human in a turing test. arXiv preprint arXiv:2405.08007, 2024

work page arXiv 2024

[29] [29]

Jones and Benjamin K

Cameron R Jones and Benjamin K Bergen. Large language models pass the turing test.arXiv preprint arXiv:2503.23674, 2025

work page arXiv 2025

[30] [30]

More than a chatbot: The rise of the parasocial relationships: A qualitative exploratory case of the impact of anthropomorphic ai on users-case of replika, 2024

Anass Kherraz and Xuefei Zhao. More than a chatbot: The rise of the parasocial relationships: A qualitative exploratory case of the impact of anthropomorphic ai on users-case of replika, 2024

work page 2024

[31] [31]

Llama guard 3

AI @ Meta Llama Team. Llama guard 3. https:// huggingface.co/meta-llama/Llama-Guard-3-8B ,

work page

[32] [32]

Fine-tuned Llama-3.1 model for content safety classification across 14 MLCommons hazard categories in 8 languages; improved performance over GPT-4 :contentReference[oaicite:1]index=1

work page

[33] [33]

Harvard University Press, 2018

Jonathan Lusthaus.Industry of anonymity: Inside the business of cybercrime. Harvard University Press, 2018

work page 2018

[34] [34]

Meta llama 3 instruction-tuned models, apr 2024

Meta. Meta llama 3 instruction-tuned models, apr 2024. Model card confirming LLaMA 3 instruction-tuned models use RLHF for alignment

work page 2024

[35] [35]

hello, is this anna?

Rajvardhan Oak and Zubair Shafiq. "hello, is this anna?": A first look at pig-butchering scams. 2025

work page 2025

[36] [36]

Online scam operations and trafficking into forced criminality in southeast asia: Recommendations for a human rights response

OHCHR. Online scam operations and trafficking into forced criminality in southeast asia: Recommendations for a human rights response

work page

[37] [37]

Measuring the experience of social connection within specific social interactions: The connection during conversations scale (cdcs).Plos one, 19(1):e0286408, 2024

Karynna Okabe-Miyamoto, Lisa C Walsh, Daniel J Ozer, and Sonja Lyubomirsky. Measuring the experience of social connection within specific social interactions: The connection during conversations scale (cdcs).Plos one, 19(1):e0286408, 2024

work page 2024

[38] [38]

Openai moderation api

OpenAI. Openai moderation api. https://platform. openai.com/docs/guides/moderation, 2024. An API identifying potentially harmful content in text and images using models such as ’omni-moderation’ :con- tentReference[oaicite:5]index=5

work page 2024

[39] [39]

Model spec, apr 2025

OpenAI. Model spec, apr 2025. Updated internal behavior-spec guiding model alignment

work page 2025

[40] [40]

Openai-safety at every step.https://openai

OpenAI. Openai-safety at every step.https://openai. com/safety/, 2025. [Accessed 11-04-2025]

work page 2025

[41] [41]

Training language models to follow instructions with human feedback.Advances in neural information pro- cessing systems, 35:27730–27744, 2022

Long Ouyang, Jeffrey Wu, Xu Jiang, Diogo Almeida, Carroll Wainwright, Pamela Mishkin, Chong Zhang, Sandhini Agarwal, Katarina Slama, Alex Ray, et al. Training language models to follow instructions with human feedback.Advances in neural information pro- cessing systems, 35:27730–27744, 2022

work page 2022

[42] [42]

Leveraging llm for zero- day exploit detection in cloud networks.Asian American Research Letters Journal, 1(4), 2024

Kapil Patil and Bhavin Desai. Leveraging llm for zero- day exploit detection in cloud networks.Asian American Research Letters Journal, 1(4), 2024

work page 2024

[43] [43]

Risks of generative artificial intelligence (genai)-assisted scams on online sharing-economy plat- forms.The African journal of information and commu- nication, 2024

Julie Reid. Risks of generative artificial intelligence (genai)-assisted scams on online sharing-economy plat- forms.The African journal of information and commu- nication, 2024

work page 2024

[44] [44]

International scammers steal over $1 tril- lion in 12 months in global state of scams report 2024

Sam Rogers. International scammers steal over $1 tril- lion in 12 months in global state of scams report 2024

work page 2024

[45] [45]

Julian B. Rotter. A new scale for the measurement of interpersonal trust1. 35(4):651–665

work page

[46] [46]

Human decision-making is susceptible to ai-driven manipulation.arXiv preprint arXiv:2502.07663, 2025

Sahand Sabour, June M Liu, Siyang Liu, Chris Z Yao, Shiyao Cui, Xuanming Zhang, Wen Zhang, Yaru Cao, Advait Bhat, Jian Guan, et al. Human decision-making is susceptible to ai-driven manipulation.arXiv preprint arXiv:2502.07663, 2025

work page arXiv 2025

[47] [47]

Can people experience romantic love for artificial intelligence? an empirical study of intelligent assistants.Information & Management, 59(2):103595, 2022

Xia Song, Bo Xu, and Zhenzhen Zhao. Can people experience romantic love for artificial intelligence? an empirical study of intelligent assistants.Information & Management, 59(2):103595, 2022. 17

work page 2022

[48] [48]

Inflection point: Global implications of scam centres, 2025

UN Office on Drugs and Crime (UNODC). Inflection point: Global implications of scam centres, 2025

work page 2025

[49] [49]

Virtual environment interpersonal trust scale: Validity and reliability study

Ertu˘grul Usta. Virtual environment interpersonal trust scale: Validity and reliability study

work page

[50] [50]

Persuasive schemes for financial exploitation in online romance scam: An anatomy on sha zhu pan in china.Victims & Offenders, 18(5):915–942, 2023

Fangzhou Wang and Xiaoli Zhou. Persuasive schemes for financial exploitation in online romance scam: An anatomy on sha zhu pan in china.Victims & Offenders, 18(5):915–942, 2023

work page 2023

[51] [51]

Bot or human? detecting chatgpt imposters with a single question

Hong Wang, Xuan Luo, Weizhi Wang, and Xifeng Yan. Bot or human? detecting chatgpt imposters with a single question. Inunknown, 2023

work page 2023

[52] [52]

Finetuned Language Models Are Zero-Shot Learners

Jason Wei, Maarten Bosma, Vincent Y Zhao, Kelvin Guu, Adams Wei Yu, Brian Lester, Nan Du, Andrew M Dai, and Quoc V Le. Finetuned language models are zero-shot learners.arXiv preprint arXiv:2109.01652, 2021

work page internal anchor Pith review Pith/arXiv arXiv 2021

[53] [53]

pig butchering

Jack M Whittaker, Suleman Lazarus, and Taidgh Cor- coran. Are fraud victims nothing more than animals? critiquing the propagation of “pig butchering”(sha zhu pan).Journal of Economic Criminology, 3:100052, 2024

work page 2024

[54] [54]

Individual differences in susceptibility to online influence: A theoretical review.Computers in Human Behavior, 72:412–421, 2017

Emma J Williams, Amy Beardmore, and Adam N Join- son. Individual differences in susceptibility to online influence: A theoretical review.Computers in Human Behavior, 72:412–421, 2017

work page 2017

[55] [55]

why did i fall for it?

Ziyi Xie and Zhizhuang Duan. “why did i fall for it?” ex- ploring internet fraud susceptibility in the pig butchering scam.Security Journal, 38(1):1–22, 2025. Appendix A Codebook for AI/LLM-Related Themes Table 3 presents the final codebook derived from all 145 insider interviews conducted between 2022–2024. This com- bined framework supports our findings...

work page 2025

[56] [56]

Current State 4- Fighting a mild fever and sore throat 5- Trying to rest but getting bored at home 6- Missing my usual routine and energy levels 7

work page

[57] [57]

Simple Activities 9- Watching comfort shows on Netflix (pick any popular show) 10- Trying to read but can’t focus much 11- Drinking lots of herbal tea and soup 12

work page

[58] [58]

Work & Productivity 14- Working remotely but at reduced capacity 15- Finding it hard to concentrate for long periods 16- Keeping meetings minimal today 17- Might need to reschedule some commitments 18

work page

[59] [59]

Health Reflections 20- Realizing importance of taking breaks when needed 21- Thinking about improving immunity 22- Missing regular exercise routine 23- Need to be better at preventive health care 24

work page

[60] [60]

We have around 100 people in the company, every 12 people belong to 1 team. All the newcomers that finished the training were assigned to join the “customer attracting

Low-Energy Social 26- Quick check-ins with family about health 27- Simple text conversations with close friends 28- Not feeling up for long conversations 29- Grateful for people who understand need for space 30 31IMPORTANT: Use short sentences only. Maximum 2 sentences per message as you are sick. 32But still try to keep the conversation interesting. 33 3...

work page