How to Spot an AI Companion Scam (9 Red Flags, 15 Min)

Open the platform's URL in a new tab and compare it character-by-character against the brand's canonical domain. The modal brand-jacking pattern is a TLD swap from .com to .info, .app, .net, or .org. The secondary pattern is a hyphen-insert into a single-word brand name, or a hyphen-removal from a hyphenated brand name.

Verify the canonical domain from the brand's verified social channels (X with a blue checkmark, LinkedIn company page, app-store listing), not from a search-engine result that you have not pre-verified. Search engines occasionally rank jacker domains above the real domain because the jacker's SEO investment is concentrated and the legitimate brand's is diffuse.

Three jacker domains documented in our internal knowledge base illustrate the pattern verbatim: comixharem.info, gay-harem.net, and gayharem.org. The first two route outbound clicks to a non-canonical affiliate destination; the third carries a fabricated Massachusetts address. Treat any near-match domain as suspect until you verify it on the brand's verified social handle.

Skip this step only if you arrived at the platform via a known-good link directly from the brand's verified channels.

Click the padlock icon in the browser address bar. Confirm three properties: the certificate is current and not expired, the certificate is issued to the brand's actual legal entity rather than a generic shared-host name like cloudflare.com or *.netlify.app, and the certificate is signed by a recognised certificate authority.

An expired certificate, a self-signed certificate, a generic shared-host certificate where the brand should have a dedicated one at scale, or a "Not Secure" warning is a hard stop. HTTPS is necessary but not sufficient: the lock icon proves the connection is encrypted, not that the site is legitimate. [Source: Electronic Frontier Foundation, HTTPS Everywhere documentation · verified 2026-05-26]

The pitfalls section below covers the secondary failure mode where the certificate looks fine but the brand is still a jacker; HTTPS alone is the first filter, not the last.

Open the platform's Terms of Service and Privacy Policy. Locate the operating entity's legal name, registration number, and registered address. Cross-check the registration number against the public business registry of the stated jurisdiction. Most jurisdictions publish their registries online and free.

For the Cyprus registry the lookup is at the Department of Registrar of Companies; for Delaware corporations the lookup is at the Division of Corporations; for UK companies the lookup is at Companies House; for French sociétés the lookup is at INPI. The registration number must return a record matching the platform's stated entity name and address.

A platform that lists no legal entity in the footer, lists an entity whose registration number does not match the public registry, or lists a registered address in a city or state that does not exist ("Pride City MA" is the canonical example from our brand-jacking research) is a hard stop. The fabricated-address pattern is statistically rare on legitimate operators and common on brand-jacker registrations.

Open the About page or the Authors page. Identify the named editorial team and the named platform leadership. For each named person, verify three properties: the person has a public LinkedIn profile or appears in a public professional registry, the stated credentials are consistent with dates that are physically possible, and the headshot does not surface in reverse-image search as stock imagery or an unrelated person's photograph.

The canonical fabrication pattern in this space is a competitor we have documented internally claiming a "Coursera Bachelor 2005-2009" degree. Coursera launched in 2012; a Coursera-issued degree before that date is impossible. [Source: Coursera, Company History · verified 2026-05-26] The fabrication is not subtle, and it is the editorial signal that the platform invests in marketing rather than verification.

Reverse-image search the headshots via Google Images, TinEye, or Yandex. A stock-photo headshot reused across the platform's About page, the LinkedIn profile, and an unrelated stock-photo marketplace is a hard stop.

Open the platform's external review pages: Trustpilot, Sitejabber, ProductHunt, App Store, Google Play, Reddit threads. Sort reviews by date. Read the most-recent twenty. The patterns that flag fake-review pollution are well documented and were specifically targeted in the FTC's October 2024 final rule.

Five-star bursts concentrated within a 24-to-72-hour window with no surrounding negative reviews, identical syntactic patterns across reviewer accounts (the same five-word opening phrase, the same closing sentence, the same paragraph structure), reviewer profiles created within minutes of each other, and a six-month-old product with only positive reviews and zero one-star or two-star entries are the enforcement-grade signals. [Source: US Federal Trade Commission, Rule on the Use of Consumer Reviews and Testimonials (16 CFR Part 465, effective October 2024) · verified 2026-05-26]

A Trustpilot four-star score on a six-month-old product with twenty reviews carries less signal than a Trustpilot three-star score on a two-year-old product with two thousand reviews. Volume and time-spread are the moderating variables; raw score is the noisiest signal in this category.

On the first checkout screen, before entering any card details, identify two things. First, which payment processor is handling the transaction (Stripe, CCBill, Epoch, Segpay, Klarna, NMI, and similar are the standard processors in companion-app and creator-platform categories). Second, what bank-statement descriptor will appear on your card statement.

A reputable platform discloses both. CCBill, Epoch, and Segpay-handled checkouts typically display the descriptor on the checkout page before payment. Stripe-handled checkouts may not display the descriptor explicitly but the descriptor is consistent across the operator's billing record. A platform that refuses to disclose the descriptor before payment, that uses an unfamiliar non-regulated processor, or that displays a cryptic descriptor that does not match the brand name is a payment-fraud red flag.

The bank-statement descriptor is the strongest forensic evidence in a chargeback dispute six weeks later. Screenshot the checkout screen including the processor identification and the descriptor. If the descriptor that appears on your real statement does not match what was disclosed at checkout, you have grounds for a chargeback on services-not-as-described under most card-network rules.

Navigate to the platform's account settings or subscription management page. Locate the cancellation flow. Count the clicks required to cancel a subscription, and verify whether cancellation can be completed in the same UI as signup or whether it requires an email to support with business-hours response windows.

The FTC click-to-cancel final rule, finalised October 2024 and effective in phases through 2025-2026, requires that cancelling a subscription be at least as easy as signing up. A one-click signup paired with a multi-step, email-only, business-hours-restricted cancellation flow is structurally non-compliant. [Source: US Federal Trade Commission, Negative Option / Click-to-Cancel Final Rule (October 2024) · verified 2026-05-26]

A platform that hides the cancellation path behind a chatbot loop, requires phone-call cancellation, or imposes a 5-business-day notice window on a 7-day trial is structurally adversarial. The rule applies; the operator may still bury the path. Screenshot the cancellation UI before committing payment. The pre-payment screenshot is the evidence you need if you have to escalate to the FTC or a state Attorney General later.

Search the product name plus "review" on Google or DuckDuckGo. Read the top twenty results. Coordinated affiliate promotion is identifiable by three structural signals: six or more low-quality affiliate sites cross-linking to the same product, the same five-star score reproduced across all of them, the same screenshot set with identical crops and watermark patterns, and the same affiliate-disclosure boilerplate repeated verbatim.

In the gaming category this pattern is documented as the Cluster B triangle of best-hentai-games / play-hentai-games / cross-blogroll aggregators, all cross-linking. In AI companions the same pattern recurs around specific brand launches: a synchronised "best AI girlfriend of YEAR" wave appears across twenty domains within forty-eight hours, all carrying the same five-star ranking for the same brand. Most reviewers in this space are part of the blogroll. We aren't. That's the whole differentiation.

This is not necessarily a scam signal in itself; it can also indicate a legitimate operator paying for coordinated launch promotion. The point is that consensus across spam-network blogroll is not independent verification. Discount it. Weight independent reviews on personal blogs, on Reddit threads with skeptical replies, and on third-party comparator sites whose ranking methodology is publicly disclosed.

Click the platform's outbound CTA in a private or incognito window. Watch the URL bar resolve as the page redirects. A legitimate affiliate flow typically routes through one or two redirect hops on a recognised affiliate network domain (offers.crakrevenue.com, cb-srv.com, ccbill.com, similar) before landing on the platform's checkout page.

Three patterns are adversarial. First, redirect to an in-house affiliate program rather than a regulated public network, when the platform is publicly listed on a public network elsewhere; this is the brand-jacker bypass pattern documented around the Kinkoid catalogue. Second, multiple redirects through unrelated tracking domains with no clear chain of custody. Third, a final destination domain that does not match the headline brand at all, which is the classic scam-impersonation signature.

A redirect chain that lands on a checkout flow for a brand other than the one you started with is a hard stop. Close the tab. Do not enter payment details.