9 April 2014

Popular dating app Tinder has recently been subject to a number of fake profiles and stolen photographs which have been linked to potential scam activity. If you use Tinder, you need to be wary of the information you are giving away, and who you might (or might not) be talking to.

Users of Tinder swipe through photos of potential mates using their mobile devices, approving or rejecting profiles to create ‘matches’ with other users who are nearby.

In a recent case, security vendor Bitdefender has warned that stolen images of women and fake Tinder profiles have been used to lure users into clicking a link to a suspicious website.

Fake profiles on Tinder can be difficult to identify and have previously been used for malicious activities such as collecting personal information, distributing malware or other fraudulent activities.

In this latest case, if you are matched with the fake profile, a bot (an automated program) attempts to engage you in an automated text chat, which tries to convince you to click on a link. The link takes you to an official-looking page, ‘tinderverified.com’ (since removed), which included targeted content such as fraudulent surveys and competitions, or ads for mobile games.

These could be a ploy to capture your personal information, install further malware or possibly undertake advertising fraud. The content has varied between locations and users.

The popular (and legitimate) game ‘Castle Clash’ has, in particular, been reported as being frequently promoted by the bots. Its developer has stated that it is not responsible, and that it is also a victim of this scam.

The bot typically introduces itself by saying ‘hey’, ‘how are you doing?’ before saying ‘I’m relaxing with a game on my phone, castle clash… have you heard about it?’

Regardless of your response, the bot shares the link for the fake website.

Tinder says it is aware of the problem and has been working to remove the fake profiles. However, this is not the first time Tinder has suffered from fake profiles.

Stay safe on Tinder

Do not click links you receive on Tinder

As with email spam, an unsolicited link in a Tinder message should be treated with suspicion. Do not click anything you do not trust.

Be on the lookout for fake profiles and scams

You can set a maximum distance to target just your region, but be aware that scammers can fake their locations.

Look into the person’s interests and friends to see if you have anything in common.

Many bots start conversations by asking if you have talked before.

Remember, on the internet, if it looks too good to be true, it probably is.

Be careful about the information you publish on the internet

Many apps, such as Tinder, link directly to your Facebook account, so be aware that anything you have posted publicly (or that is publicly available via your friends’ or company’s Facebook accounts) can be viewed by anyone, including scammers.

Any information you post publicly can be used for social engineering – to try to fool you or your friends.

Be aware of the app’s permissions

Also be aware that many of the apps on your device seek permission to access information about you and your phone when you install them. Do you really want these apps accessing your text messages or knowing your location? Check each app’s permissions in your settings and read its privacy policy when you install it.

Install a reputable mobile security product

There are a number of useful paid and free security products available for Android devices which you should consider.

More information

Bitdefender provides a more detailed insight into some of the Tinder scams, including further steps you can take to stay safe.

Stay Smart Online has discussed dating scams previously. We have published Alerts on some of the Valentine’s Day scams, and you can even watch a video of one person’s real-life experience at the hands of online dating scammers.

You can also check our guide to safe social networking.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.


Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.


This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.


Facebook: www.facebook.com/staysmartonline
Email: staysmartonline [at] communications.gov.au
Web: www.staysmartonline.gov.au