In a month where matchmaking is in high demand, we took a look at recent trends around online dating sites using Webroot Brightcloud Threat Intelligence Platform. What did we find? Valentine’s Day sends cybercriminals on the prowl, and not for a soulmate.
On average, visits to dating websites increase by 53 percent in the month of February, relative to the three months prior. There is also a 342 percent increase in visits to greeting card domains on Valentine’s Day relative to Christmas Day.
Cybercriminals take advantage of this massive spike in dating interest to take advantage of victims. The heart-breaker: In the week leading up to Valentine’s Day, there is an astounding 220 percent increase in malicious URLs from the week prior. The week following Valentine’s sees a dramatic 50 percent drop in malicious URLs.
We’ve even found WordsOfHeart.com—a dating website that will find your perfect match based on your password! We can’t stress enough how much of a bad idea this is.
While the website does specify that you should not use the same password as your email or Facebook account, it’s still quite bizarre that your password would be a focal point for matching. At first glance, the appears to be a clever phishing attempt, but the site does indeed match you with other people. During initial sign up–using a weak password, no matches were found.
When trying again using the obviously weak password of password, we found hundreds of matches. Most of these “matches” appeared to be blank profiles that weren’t created for any real romance, but were rather just other people testing to see if this site was legitimate, and some were just trolling. Regardless of the functionality of the site, the entire premise behind it is something that everyone should steer clear.
Users should also exercise caution when dealing with more legitimate and established dating services. It has recently come to light that Tinder is not as secure as presumed. Tinder’s iOS and Android apps do not use basic HTTPS encryption for photos. What this means is that anyone using the same Wi-Fi network that your phone is on can potentially see your Tinder photo traffic.
Source: CheckMarx, Tinder drift demo on YouTube.
To make matters even creepier, it’s possible for hackers to actually inject photos into your Tinder photo stream, as seen in a YouTube video by security researchers at CheckMarx. Be sure to keep this in mind when connected to public WiFi at coffee shops, libraries, airports, etc. It is worth noting that this lack of encryption is only an issue on the mobile Tinder apps, and using Tinder on your laptop browser would be fully encrypted. A recent survey by Mozilla shows that still only 68% of the internet is HTTPS encrypted, which is basic level protection. We expect that Tinder will be updating their mobile apps to address this soon.
Another stigma with dating websites is the overwhelming presence of bots. This isn’t a new development and the Ashley Madison hack a couple years back revealed that overwhelming number of women on the site which led to 80% of men to purchase, according to Gizmodo. This year, China is trying to crack down on mobile apps with fake female user accounts that send automated messages to solicit new users for gifts and money, according to the BBC. Over 600 people were arrested for this lucrative “business model” that generated over $150 million for these apps. With artificial intelligence getting smarter and smarter, we expect scams like this to continue, so make sure to watch out for these tactics.
Practice safe online dating
Avoid swiping on dating apps when connected to public, unsecured networks. Make sure you’re using two-factor authentication to help ensure your online data is more secure. As soon as an account’s credentials have been compromised, it’s very common to then use that account to try and scam others since the profile is (up to that point) legitimate and not suspicious. Another option when browsing on public WiFi is to use a VPN (virtual private network).
Overall, use good judgement when it comes to online dating. Be extra vigilant about dating websites you visit, keeping note of the URLs and mobile apps you access.
The post Valentine’s Day Sends Mobile, Online Dating Scammers on the Prowl appeared first on Webroot Threat Blog.