When you use Tinder, you expect to find virtually anything. But matching with a spam bot may be a step too far. That is the method cybercriminals are using in the popular app to scam its users and subscribe them to paid services.
Cybercriminals take any opportunity to extend their scams: fashionable applications, games, special dates. So it was to be expected that one of the most popular apps would become the focus of one of the latest frauds. Dating websites can themselves be a source of security threats (just ask the users of Ashley Madison), since they give access to a large amount of user data. Now, according to the security firm Symantec, scams have been detected that take advantage of the famous dating application. To make matters worse, they exploit users' concern for security to deceive them. The ultimate goal, in this case, is not the information as such, but the victims' bank details.
In recent weeks, the firm has detected a new spambot campaign using Tinder as a decoy. Spambots are computer programs that mimic human behavior and send messages that simulate conversations. It is not the first fraud campaign related to this service. The same security firm has already detected an increase in spambots used by cybercriminals in the popular application since 2013. These bots convinced users through the application's chat to download fake applications and sign up for adult content websites. Now the bots are back on the attack, this time to steal their victims' financial information.
It's a match! The modus operandi
Those responsible for the investigation have published a study in which they explain how this scam works. These spambots are programmed to initiate conversations with their victims automatically. After some initial flirting, with phrases as suggestive as "Do you want to eat a cookie with me one day?", the bot begins to ask whether the user has already verified their account.
Why verification? From the beginning, Tinder has used the user's Facebook account to verify their identity. However, the developers realized that many people created fake profiles to access the application, so one of the new policies was the introduction of a verification code sent to the user's phone.
The bot takes advantage of this to try to disarm its victims with messages like "Have you not heard of it? It is a free Tinder service to verify if the person you want to meet is not a serial killer, hahaha." Once people start using applications like this, security (physical, at least) becomes an important concern. Scammers take advantage of this concern - and of the application's legitimate service - to convince users to "verify."
However, in this case, the scammers are confusing some terms. Verifying an account is not the same as having a "verified account". The latter are the profiles to which Tinder adds a blue check (like those on Twitter) to certify that the account is real, in the case of celebrities or popular people.
Once the conversation has progressed, the spam bot sends the victim a link with instructions on how to carry out the verification. But that link leads to an external website, which has nothing to do with Tinder. And it does not really look like Tinder in the least, however much the scammers would like it to.
On these fraudulent websites, users are urged to enter a series of data to "verify themselves": name, surname, password, email, credit card ... Just a moment, credit card? Yes, the excuse is that it is used as a method to certify the user's age. And as a bonus, the user gets a free subscription to erotic websites.
And here comes the scam. If the user does not read the fine print and does not cancel these subscriptions, a surprise will show up on the credit card at the end of the month. The charges are around $120 a month. According to the investigation, the sites keep the profit and share a commission with the cybercriminals who created the bots that sign up the victims without their knowledge. A real business for both sides.
Oh, and if that were not enough, in case users had any doubts about whether to verify themselves or not, the scammers have been shrewd enough to add to the questionnaire photographs of women in lingerie (who have already been verified), promising that, once verified, users will be contacted by these women. Quite the prize.