Tinder porn scam: Swipe right for NOOOOOO I paid for what?

Dig yourself out of this one, buddy


Crooks on Tinder are using online safety as a lure to trick users into unwittingly paying for adult content.

Automated spam bots masquerading as Tinder users are supposedly tricking other users of the mobile dating app into visiting a malicious third-party website to “verify their profiles”.

“The spam bots instruct the user to click on a link to an external website which includes some variation of words about verification, background checks, safety, date codes, or protection,” explains Satnam Narang, senior security response manager at Symantec, in a blog post. “Most of the external websites included the word ‘tinder’ in the URL to make them appear official. In our research, we found 13 different ‘Tinder Safe Dating’ websites and we reported all of them to the registrar.”

The websites, which look strikingly like Tinder, are really conduits for a ruse that racks up charges on the victim’s credit card. Prospective marks are invited to submit personal details before being invited to submit to a “secure age verification” by supplying credit card details. In return, applicants are promised that they will receive the contact details of "matches" via email, Skype, or social media once they verify themselves. These matches - pictures of women dressed in lingerie - are wholly bogus and seemingly designed to distract prospective marks from what’s really going on.

If they're not careful, a user might overlook the fine print and find themselves opted into a “FREE Bonus Offer” of trial memberships to erotic video and adult webcam sites. If the user does not cancel their free trials within the specified period of time, their credit card will be billed by three different adult websites for a total of US $118.76. Those directly running the ruse make money from affiliate fees from the promoted adult sites.

Spam bots, some of which promoted adult content of one sort or another, have been a problem on Tinder for at least three years. The age verification sign-up ruse is a new trick designed to monetise daters' gullibility.

More commentary on the scam can be found in a blog post by industry veteran Graham Cluley here.

Symantec’s top tips for safe online dating can be found here (PDF). ®

Biting the hand that feeds IT © 1998–2019