Security experts uncover Tinder porn site spam scheme

Chatbots use verification offers to lure in victims

Security experts have spotted a Tinder scam that tricks users into signing up for porn site membership in exchange for 'verification'.

The scam, identified by cyber security firm Symantec, uses chatbots to initiate conversations with the dating app's male users. After luring victims in with witty banter, the bots ask them if they are "verified by Tinder".

Note that this is separate to Twitter-style 'blue tick' verification, which Tinder launched last year for celebrities and public figures. Instead, the bots explain that this verification is "a free service tinder put up, to verify the person you wanna meet isn't a serial killer lol".

Victims are directed to an external site, which uses copycat formatting, fonts and logos of Tinder's branding. It promises that after completing the verification form, users will receive a code that they can send to their match for confirmation.

The verification form is, perhaps unsurprisingly, a scam. After providing a user name, password and email, victims must 'verify their age' using a credit card.

The site proudly proclaims that there is "no charge to become verified", but included at the bottom of the page is fine print revealing that unless they specifically uncheck the box, they are opting in to "special FREE bonus offer".

This 'bonus offer' consists of memberships to porn and explicit webcam sites, which have a total value of 118.76. These sites operate on an affiliate model, which means that the scammers receive a cut of the membership fees for every user they bring to it.

"Scammers are naturally attracted to large online communities and the surge in online dating amongst millennials makes these sites a prime target," said Nick Shaw, Norton's EMEA vice president and general manager.

"In the online world, as with anything in life, people aren't always what they seem," he said. "Therefore it's important that you are vigilant so you can enjoy dating online without placing yourself in a vulnerable position."

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021
Mimecast admits hackers accessed users’ Microsoft accounts
Security

Mimecast admits hackers accessed users’ Microsoft accounts

13 Jan 2021
What is public key infrastructure (PKI)?
Security

What is public key infrastructure (PKI)?

12 Jan 2021

Most Popular

What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021
150,000 arrest records accidentally deleted from police database
data management

150,000 arrest records accidentally deleted from police database

15 Jan 2021
Can Pat Gelsinger get Intel back on track?
chief executive officer (CEO)

Can Pat Gelsinger get Intel back on track?

13 Jan 2021