Endpoint Protection

 View Only

Tinder safe dating spam uses safety to scam users out of money 

Jul 21, 2016 09:06 AM

In recent weeks, we have noticed spam activity on Tinder claiming to promote safety in online dating in messages to users. This is used as a lure to funnel affiliate money into the scammers’ pockets.

It’s the latest spam trend to hit the mobile dating app. Since 2013, we have published a few blogs detailing the rise of spam bots on the popular mobile dating application, Tinder. While Tinder has changed its service recently with the introduction of a premium offering, the app remains a popular destination for spammers.

Figure 1. Example of a spam bot messaging a Tinder user

Are you verified by Tinder?
These new spam bots initiate conversations with a flirty or playful opening message such as “Wanna eat cookie dough together some time?” After a series of messages, the spam bot will ask whether or not Tinder has verified the user.

Figure 2. Tinder spam bot uses safety to try to get the user to verify themselves

After asking if the user is verified, the spam bot tries to disarm the user by saying “it’s a free service tinder put up, to verify the person you wanna meet isn’t a serial killer lol.” While online dating has gone mainstream, safety concerns still remain when using these applications. The spammers use this legitimate concern to convince users to verify themselves and trick them into thinking verification will lead to a date.

Not to be confused with Tinder’s verified profiles
While spam bots may use the term “verified by Tinder,” they are not referring to a feature that Tinder launched last year called verified profiles. Verified profiles is a feature that adds a blue check mark to profiles of notable figures, celebrities, and athletes. This feature is similar to the verified badges on social media services like Twitter, Facebook, and Instagram.

Figure 3. Notable figures and celebrities verified by Tinder are identified with a blue check mark

Tinder safe dating scam
The spam bots instruct the user to click on a link to an external website which includes some variation of words about verification, background checks, safety, date codes, or protection. Most of the external websites included the word “tinder” in the URL to make them appear official. In our research, we found 13 different “Tinder Safe Dating” websites and we reported all of them to the registrar.

Figure 4. Tinder Safe Dating website (image altered to fit all elements into a single image)

Once the user visits one of the sites, they are greeted with a page that uses a copy-cat Tinder logo and font across the site. It explains how the so-called verification system works, stresses that the service is free, and claims “there is no charge to become verified!”

Figure 5. Fake profile on Tinder Safe Dating website (image altered to fit all elements into a single image)

For added incentive, the site includes photographs of a woman wearing lingerie. The site promises the user that once they are verified, they will receive the woman’s contact information including her phone number, personal email address, Skype screen name, and social media user names.

When signing up, read the fine print
To complete the verification process, the user is required to create a user name and password, and provide an email address. After this information is submitted, the site asks the user to provide a “secure age verification” in the form of credit card details.

Figure 6. Secure age verification requires a credit card, but what’s in the fine print?

If the user isn’t careful, they might miss important details in the fine print. The site may try to obscure the fine print by setting the iframe to a smaller height.

Figure 7. Expanded fine print section shows charges to the user’s credit card if they do not cancel trial memberships

According to the fine print, the user is opted in to a “FREE Bonus Offer” of trial memberships to erotic video and adult webcam sites. If the user does not cancel their free trials within the specified period of time, their credit card will be billed by three different websites.

The combined total of these charges is US$118.76 per month. These sites would earn revenue while the scammers would make a commission from the three sites for these referrals. It is unclear, however, how much commission the scammers would make, but for this activity to persist, it must be significant enough for them to continue.

Different spam bots, same old story
Three years later, scammers continue to operate spam bots on services like Tinder with the same goal in mind–to drive users to websites that offer affiliate programs. For each successful referral, whether overt (links to adult dating websites) or covert (under the guise of a safe dating verification site), the scammers earn a commission. Remember, there is no such thing as a Tinder safe dating or verification website.

If you’re using Tinder or any other online dating site or application, be aware that spam bots will continue to come up with creative ways to try to get you to sign up for other websites or services. Do your part by reporting these accounts to Tinder and always make sure you read the fine print on any site or service before you sign-up.

Check out the safety section on Tinder’s website for advice on how to safely use its app.

0 Favorited
0 Files

Tags and Keywords

Related Entries and Links

No Related Resource entered.