Tinder users beware of fake profiles: SSO Alert Priority Moderate
9 April 2014
Popular dating app Tinder has recently been subject to a number of fake profiles and stolen photographs which have been linked to potential scam activity. If you use Tinder, you need to be wary of the information you are giving away, and who you might (or might not) be talking to.
Users of Tinder swipe through photos of potential mates using their mobile devices, approving or rejecting profiles to create ‘matches’ with other users who are nearby.
In a recent case, security vendor Bitdefender has warned that stolen images of women and fake Tinder profiles have been used to lure users into clicking a link to a suspicious website.
Fake profiles on Tinder can be difficult to identify and have previously been used for malicious activities such as collecting personal information, distributing malware or other fraudulent activities.
In this latest case, if you are matched with the fake profile, a bot (computer) attempts to engage you in an automated text-chat, which tries to convince you to click on a link. The link takes you to an official-looking page, ‘tinderverified.com’ (since removed), which included targeted content such as fraudulent surveys and competitions, or ads for mobile games.
These could be a ploy to capture your personal information, install further malware or possibly undertake advertising fraud. The content has varied between locations and users.
The popular (and legitimate) game ‘Castle Clash’ has, in particular, been reported as being frequently promoted by the bots. Its developer has stated that it is not responsible, and that it is also a victim of this scam.
The bot will typically introduce itself by saying ‘hey’, ‘how are you doing?’ before saying ‘I’m relaxing with a game on my phone, castle clash… have you heard about it?’
Regardless of your response, the bot shares the link for the fake website.
Tinder says it is aware of the problem and has been working to remove the fake profiles; however, this is not the first time Tinder has suffered from fake profiles.
Stay safe on Tinder
Do not click links you receive on Tinder
As with email spam, an unsolicited link in a Tinder message should be treated with suspicion. Do not click anything you do not trust.
Be on the lookout for fake profiles and scams
You can set a maximum distance to target or just your region, but be aware that scammers can fake their locations.
Look into the person’s interests and friends to see if you have anything in common.
Many bots start conversations by asking if you have talked before.
Remember, on the internet, if it looks too good to be true, it probably is.
Be careful about the information you publish on the internet
Many apps, such as Tinder, link directly to your Facebook account, so be aware that anything you have posted publicly (or that is publicly available via your friends’ or company’s Facebook accounts) can be viewed by anyone, including scammers.
Any information you post publicly can be used for social engineering – to try and fool you or your friends.
Be aware of the app’s permissions
Install a reputable mobile security product
There are a number of useful paid and free security products available for Android devices which you should consider.
Bitdefender provides a more detailed insight into some of the Tinder scams, including further steps you can take to stay safe.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.