Due to the massive increase in the number of users of dating apps, cybercriminals have taken advantage of this opportunity by using a sophisticated scam to convince victims to join their investments and ultimately leave victims penniless.
Due to the COVID-19 pandemic, more people are choosing to communicate online in a state of isolation. Especially using online dating apps like Tinder, Bumble, Match, etc. This presents a good target for scammers to target, the International Criminal Police Organization (Interpol) warned in an advisory issued on Tuesday.
According to INTERPOL’s “Purple Notice” advisory to 194 countries, “Interpol’s Financial Crimes Unit has received numerous reports of this type of scam from around the world and has alerted users to the use of dating apps to develop Be vigilant, be skeptical, and stay safe when it comes to interpersonal relationships.” The purpose of INTERPOL’s “Purple Notice” is to publish information on criminals’ modus operandi, target, equipment and concealment methods.
In the initial stages of the scam, the scammers connect with the victims through dating apps (Interpol did not specify which dating app platforms the attackers used).
According to Interpol, “Once communication has become clear and a certain level of trust is established, criminals will share investment skills with victims and encourage them to join an investment scheme.”
They then persuaded victims to download an app that claimed to be a trading platform and asked users to open an account. In the app, victims buy various “financial products” after being persuaded by the scammers and work their way up the so-called investment chain. Interpol said victims would be convinced they could achieve “gold” or “VIP” status.
Interpol did not provide further information about the malicious apps, other than to say that attackers skillfully disguised malicious apps as legitimate ones. Interpol said: “As is often the case with financial fraud, everything was disguised as legitimate. According to the screenshots provided by the victim, the domain name was extremely similar to the real one, and the customer service staff pretended to help the victim. Choose the right product.”
However, after defrauding the victim of a certain amount of cash, suddenly one day, all contact ceased and the victim’s account was locked.
Hank Schless, senior manager of security solutions at Lookout, told Threatpost that malicious attacks such as scams or phishing launched through dating app platforms can be very clear to see how communication-enabled mobile apps are being exploited by malicious attackers.
Schless told Threatpost: “Because there are already pictures, profiles and names associated with individuals in dating apps, it is very easy for both parties to establish trust, and in addition to dating apps, attackers can also use This type of scamming is brought to apps with social features such as gaming, shopping, exercise or travel. If someone is particularly accustomed to connecting on these apps, they are likely to be scammed by malicious attackers.”
Dating apps like Match and Tinder have been criticized for their privacy policies and various security concerns.
However, scams targeting victims looking for love are another type of security challenge that dating apps need to address, especially with the current pandemic and individual isolation. These types of scams have previously been shown to be very easy to implement. In 2019, for example, a scammer managed to defraud a “substantial” amount of money from a Jason Statham fan after approaching her while she was only following the actor on Facebook Such scams are also used for other malicious activities, including spreading malware such as the Necurs botnet.
Setu Kulkarni, VP of Strategy at WhiteHat Security, told Threatpost: “Exploiting people’s desires and fears is a tactic that scammers often use, and when scammers are dominated by personal desires and fears, human logic fails. Think first, then Action will soon be replaced by action first, thinking later.”
Interpol warns users of dating apps to be vigilant when contacted by people they don’t know, especially when strangers ask to send money; think twice before sending money; and affiliated e-mail addresses, etc., to conduct research and investigations on suspicious applications.
