Spam bots are tricking users of the popular dating website Tinder to become paying members of multiple adult-themed websites.
Satnam Narang, senior security response manager at Symantec, explains the bots first lure victims in with a flirtatious message such as "Wanna eat cookie dough together some time?"
Be still my beating heart!
After a few canned responses, the spam bot asks if Tinder has verified the user. It's not talking about verified profiles, a feature which places a blue checkmark next to the profiles of athletes and celebrities. It's invoking the concern of users verifying themselves if they want a date.
The bots prey upon this legitimate concern to fulfil their spammy ends. Narang elaborates:
"The spam bots instruct the user to click on a link to an external website which includes some variation of words about verification, background checks, safety, date codes, or protection. Most of the external websites included the word 'tinder' in the URL to make them appear official. In our research, we found 13 different 'Tinder Safe Dating' websites and we reported all of them to the registrar."
More than a few users will probably be distracted by the pictures of women dressed in lingerie, however, as well as each site's claim that they'll be able to contact those "matches" via email, Skype, or social media once they verify themselves.
All the user needs to do is complete the verification process, which involves submitting their credit card data.
If they're not careful, a user might overlook the fine print:
"The Special Free Bonus Offer" enrolls the user in free trials that provides them with complimentary access to three separate adult-themed websites. If they fall for the ruse and don't cancel their subscriptions in the allotted amount of time, they'll be charged US $118.76... per month!
For each successfully processed commission, the spammers behind the bots earn a commission for their efforts.
Using spam to advertise for adult-themed dating websites isn't new. According to Narang, that's just the risk all online dating users face:
"Remember, there is no such thing as a Tinder safe dating or verification website. If you’re using Tinder or any other online dating site or application, be aware that spam bots will continue to come up with creative ways to try to get you to sign up for other websites or services. Do your part by reporting these accounts to Tinder and always make sure you read the fine print on any site or service before you sign-up."
As a general rule of thumb, users should also be cautious around people who are willing to send them scantily clad pictures of themselves before they've even gone on a date. In most cases, they're just a scam. They're not even real.