Tinder Scammers Changed Tactics To Circumvent Security Update

Tinder

Scammers on Tinder quickly changed their tactics to combat the introduction of new security measures, according to a new report.

In July, Symantec released a report saying that Tinder had three main types of spam bots infecting the app.

These were adult webcam spammers, lovebots and fake prostitution profiles.

Following this report, Tinder released an update in July, designed to cut out these types of fraudulent profiles.

Rosette Pambakian, Tinder’s director of comms, said of the update: “We’ve had a long running spam deletion and prevention initiative in place, but we very recently rolled out a major technical solution to our current spam issue.”

However, new analysis by Pindrop Security says that Tinder’s update has only addressed “one vector of the attack”, and has not slowed the higher-level spam campaign.

After Tinder’s July update was released, Pindrop – who monitor and analyse spam data and complaints using modelling algorithms – found that a whole new type of complaint was being reported by users.

The new method by fraudsters is to ask for a user’s phone number, and continue their spamming tactic via SMS.

nadine-200x300

The month after the update, this Tinder campaign made up .31% of all phone-related scams, making it the 14th most popular phone scam of the month.

Tinder-Scam-4

In a blog post, Pindrop’s Raj Bandyopadhyay and Valerie Bradford said:

“This is a very common phenomenon observed by Pindrop. When the security of the online channel is improved, fraudsters switch to the phone channel, which has historically been under-protected. This lack of security innovation on the phone channel makes the phone a preferred vector for financial attacks.

“The Tinder phone spam complaints are yet another example of the connection between cyber crime and phone fraud. Fraudsters today adapt quickly to changing technology and security measures, and are very capable of launching a multi-pronged spam attack — much like their cyber criminal counterparts.”

Visit Pindrop Security here.