Scammers on dating app Tinder are now using the safety concerns of online daters to help execute their scams.
A new wave of scams sees fraudsters trick singles into getting their dating profile “verified”, then hitting them with secret charges when they move users off the dating platform.
This new tactic was noticed by researchers from security giant Symantec, who have spotted a number of Tinder scams over the past few years.
The latest spam trend was observed over the last month, and in a recent blog post the security team laid out exactly how the scam works.
First, the spam bots initiate conversation with Tinder users with a “flirty or playful” message, such as: “Wanna eat cookie dough together some time?”
After trading a couple of messages back and forth, the bot then asks if the user is verified on Tinder, with a message like: “ok, hey are you verified by chance? If so whats your code they gave you. Mine is 352-FML0029”.
The spam bot then says it is a new free service from Tinder designed to ensure that “the person you wanna meet isn’t a serial killer lol.”
As Symantec’s Satnam Narang says, the scammers are cleverly using any mistrust singles might have towards online dating services to help with their scams, saying: “The spammers use this legitimate concern to convince users to verify themselves and trick them into thinking verification will lead to a date.”
The fraudsters might also be playing off the fact that Tinder launched “verified” profiles last year for “notable figures” like celebrities and athletes, because although the type of fake verification they are peddling is completely different, users may have heard about “verified” Tinder profiles, therefore making the scam more believable.
After mentioning the verified profiles, the spam bots then send users a link to an external site that has fake Tinder branding and “words about verification, background checks, safety, date codes, or protection”.
Symantec said it found over 13 different versions of these fake verification sites, which show step-by-step instructions on how to get your profile verified with “no charge” – a process that includes age verification, a background check and a code sent to your phone.
To try and tempt users even further, the websites feature photos of women in lingerie, with Narang saying they promise singles that “once they are verified, they will receive the woman’s contact information including her phone number, personal email address, Skype screen name, and social media user names.”
The page then ask users to give their email address and create a username & password, after which they are prompted to complete the “secure age verification” process by inputting their credit card details.
It is during this step where the scam is executed, as within the small print it says that users are opting in to a free trial to a number of adult video and webcam sites, and if they don’t cancel the subscription within a certain period of time, their card will be charged by three different sites.
The researchers said the total amount users would be charged every month is $118.76.
And as Narang explains: “These sites would earn revenue while the scammers would make a commission from the three sites for these referrals. It is unclear, however, how much commission the scammers would make, but for this activity to persist, it must be significant enough for them to continue.”
Such ingenious scam tactics will be of no surprise to the vast majority of the industry, but it’s interesting to note that scammers have started to use singles’ worries about the safety of online dating to help execute their fraudulent schemes, a tactic one could imagine being reused in the future.
Symantec has previously flagged up a number of Tinder scams in the past, listing three early scams that appeared on the app as Tinder started to blow up and become increasingly targeted by scammers.
Read more about them here.