Not to dampen any Valentine’s Day vibes, but the topic of cyber scams through dating applications matches the holiday. The types of crime range from sextortion to old-fashioned financial scams.
In 2020, the Israeli security company Check Point reached out to OkCupid to highlight a vulnerability, which, fortunately, was caught before exploitation of the site’s users ensued. With more than 50 million registered users voluntarily entering data like sexual orientation, age, location, socioeconomic and educational information, OkCupid was, and is, a delicious target for cybercrime.
The OkCupid vulnerability (now patched) was a combination of techniques in which attackers sent forged, malicious links to users; once clicked, these links would steal authentication tokens. With those tokens, the attackers could not only retrieve any data they wanted but also perform functions on behalf of the user.
With the ability to act on behalf of a user, the attacks exploited the trust developed between individuals messaging each other through the website to gather more information and to send malicious links to the email addresses of more victims (evading anti-malspam software). The impersonated user can essentially be turned into a malware-distributing bot.
While the news about OkCupid is old, romance-related scams are ongoing, with upticks in activity around Valentine’s Day. On February 11, 2022, the Federal Bureau of Investigation issued a warning about romance scams going into the holiday weekend. According to the alert, the San Francisco Bay Area saw a rise in romance scam losses from an estimated $35 million in 2020 to $64 million.
The most targeted group in romance scams is, unfortunately, seniors (age 60+). The new trend in romance scams is convincing the user to invest in cryptocurrency or another fraudulent Ponzi scheme. As stated by the FBI’s internet crimes center, “After the victim has invested an initial amount on the platform and sees an alleged profit, the scammers allow the victim to withdraw a small amount of money. Eventually, the scammer instructs the victim to invest a more considerable amount. When the victim is ready to withdraw funds again, the scammers create reasons why this cannot happen.” And with at least 2 commercials encouraging crypto investments during Super Bowl LVI, financial mechanisms that disguise buyers and senders alike are moving mainstream.
Without undervaluing the effect of the pandemic in forcing people to satiate natural emotions through dating apps, the Federal Trade Commission reported that between 2016 and 2020, the reported dollar losses associated with romance scams increased by approximately 400%.
This Valentine’s Day, especially for those with single, senior relatives, consider the following before engaging in any activity that involves any type of financial element:
1. Do not accept gift cards or scan QR codes for gift cards from the love interest.
2. Never send money or financial gifts to someone through a dating app, even if he/she sends the same type of gift first. For example, a criminal may be using the exchange to launder funds.
3. Reverse search images associated with dating profiles to determine if the image is associated with an alternative account or identity.
4. Look for consistent grammatical or spelling errors.
5. Be extra vigilant if the potential dating app match reports being far away to avoid meeting in person. Common stories used by scammers are that he/she is working on an oil rig, deployed with the military, or working for an international medical service.