Tinder, Bots and Sextortion: The Latest Trends In Online Dating Fraud

Tinder         (Image from Symantec report)

As dating sites and singles have migrated to mobile over the past few years, so too have the dating scammers and fraudsters who leech off the industry.

With the proliferation of apps like Tinder, a whole new pool of potential victims have surfaced, and these sophisticated criminals have acclimatised to this new dating landscape, and adapted their methods in an attempt to entrap these singles.

And just as dating sites cater to different niches, scammers also tailor their frauds, depending on the clientele of the service.

Rather than the “romance scam” fraud seen on many dating websites, scammers on mobile apps are instead using advanced lovebots to lure in their victims, or by posing as prostitutes.

Last July, security experts Symantec released a report that said apps like Tinder had three main types of spam bots infecting their service.

These were adult webcam spammers, lovebots and fake prostitution profiles.

The first type would tempt users to click a link to another site. And as with all scammer campaigns, they evolved – modifying their scripts, switching to short URLs like bit.ly, and eventually asking users to move the conversation to Kik messenger to “close the deal”.

Fig1_14                                                    (Image from Symantec report)

The second type were those promoting a third party – such as bots pushing mobile games like Castle Clash, which last April invaded Tinder, creating a lot of negative media attention for the company.

After users matched with the bots, the “women” would strike up a conversation, quickly ask whether their match had heard of a game, and send them a link – in the case of the Castle Clash bots, containing the URL “Tinderverified”.

These disappeared, but the same script can be, and was, adapted for different games, webcams and services.

The bots, which often use phrases like “looking for someone to curl up watch a movie with or football or just hang out”, or “a little facial hair is a plus and someone with an awesome personality is key”, can also be highly sophisticated.

Dan Winchester, co-founder of Scamalytics, said:

“We see whole conversations unfold between humans and bots, with the human believing they are talking to another human – effectively passing the Turing test! The bot will ultimately move the human onto another messaging platform or service, or alternatively harvest an email address.”

The other type of spam, which Symantec said makes up the “overwhelming majority” of spam on mobile, are fake prostitution profiles.

These have provocative pictures of women, with a text overlay giving details about price and services, and a URL to connect with the women. These URLs take you to explicit personals websites for casual dating and hookups.

Symantec said what these campaigns all have in common is affiliate programs, which pay scammers if the campaigns are successful and leads are converted.

One such affiliate program, for blamcams, ran a three month campaign with seven different URLs, that resulted in half a million clicks. Such programs might pay $6.00 per lead for a successful sign-up, and $60 if a lead becomes a premium member, Symantec’s Satnam Narang said.

Fig2_8                                                    (Image from Symantec report)

Security experts have also noticed that as scammers follow the flock of millions dating on mobile, they also learn to change their tactics quickly, when new security measures are introduced.

Following Symantec’s report, Tinder released an update, designed to cut out these types of fraudulent profiles, which their director of comms, Rosette Pambakian, said was “a major technical solution to our current spam issue.”

However since then another report, by Pindrop Security, showed how scammers had swiftly adapted their tactics to combat the introduction of these measures.

They found that a whole new type of complaint was being reported, with fraudsters asking for a user’s phone number, and continuing their spamming tactic via SMS.

Pindrop’s Raj Bandyopadhyay and Valerie Bradford said:

“When the security of the online channel is improved, fraudsters switch to the phone channel, which has historically been under-protected. This lack of security innovation on the phone channel makes the phone a preferred vector for financial attacks.

“The Tinder phone spam complaints are yet another example of the connection between cybercrime and phone fraud. Fraudsters today adapt quickly to changing technology and security measures, and are very capable of launching a multi-pronged spam attack — much like their cybercriminal counterparts.”

Another new form of scam that has been rising over the past few years is “sextortion”.

This is where people are lured into a webcam session with who they think is an attractive woman, after accepting a friend invitation on a social media or dating site.

As they video chat to this woman – who is often a pre-recorded video whose actions can be controlled by the fraudster – their webcam is recorded.

Victims are subsequently blackmailed, the scammer saying they will post the video online, or send it to their loved ones, unless they transfer huge amounts of money into an offshore bank account.

There have been thousands of victims of this increasingly common scam, with fraudsters often targeting teens, who are more susceptible to this particular type of fraud.


(Image from BBC report)

Anti-scammer group Scam Survivors said sextortion will be one of the biggest trends to watch in 2015, and while it will generally affect adult and casual dating services, general dating sites need to be mindful.

According to Scam Survivors, customers of some of the largest social and dating websites – including Facebook, OkCupid, POF, Kik, Skout, Tagged, Tinder and more – have reported sextortion scams to them in 2014.

And stories of these types of fraud have also been rife in the media – further alerting potential customers to the industry’s problems – whether it be the cleavage selfies of Karen Danczuk being used for fake profiles, or gangs of scammers being locked up for their crimes.

While many think of dating fraud as the oft-written about romance scams, there are many other sophisticated ways that fraudsters are infecting mobile and desktop sites, in an attempt to ensnare singles.

Keeping abreast of such developments, and the adapting nature of such scams is a constant battle, but one our industry must fight head on if we want to move forward, and increase trust in online dating.

This article is from our report on Scammers & Dating Fraud, which you can download for free below:

[mc4wp_form id=”11288″]