Tinder: Spammers Flirt with Popular Mobile Dating App

Over the last few years, we’ve reported on a number of spam campaigns spreading through various social networking sites and applications. As with any social service, once it becomes popular, spammers look for ways to take advantage of that popularity by targeting its users.

I’ve previously blogged about the popularity of online dating sites and highlighted an example of a malicious campaign using them as part of its lure. Today, one of the most popular online dating services is not a website, but a mobile application called Tinder.

Tinder is a mobile app that finds other users who like you nearby and connects you with them if you’re both interested. It is a very simple premise, which may explain why it has become one of the more popular dating services around. According to recent reports, Tinder users have been matched 50 million times and have provided 4.5 billion ratings on the service.

Recently, a number of users have reported that they have been finding spam accounts using the service.

Figure 1. Example of fake accounts on Tinder

Further research confirmed that a number of spam accounts have been created on Tinder.

Figure 2. Mutual Matches notification

Just as expected, when a user likes one of these spam accounts they’re instantly notified of the match. The spam accounts don’t seem to respond unless the user engages the account first.

The spam accounts follow a similar script when communicating with Tinder users.

Figure 3. Spam bot auto responses are the same

While engaging one of these spam accounts, I found a glitch.

Figure 4. Spam bot aged two years instantly

The spam bot seemed to report the wrong age twice, even though the spam account profile listed its age as 26.

Here is what the bot’s script typically looks like (glitch included):

Bot: hey … have we spoken before? 22..female here…you ?
Bot: hey ….. have we chatted before?? 24..female here…..u?
Bot: i’m sorry…I get to be forgetful at times! how’re u??
Bot: Just got online….long week been kind of busy! But I’m feelin’ aroused!! So what’s up …. Wanna have some fun ??  :)
Bot: I need a guy who can [REMOVED]..have u ever [REMOVED]?? hahaa
Bot: going to change my underwear….. want to see?? =)

At this point, the spam bot starts to lure the user in with the promise of a webcam session.

Figure 5. Spam bot begins the lure

From here, the spam bot provides a shortened URL and instructs the user on how to proceed in order to gain access to her webcam session.

Figure 6. Landing page used in Tinder spam

If the user accepts the invitation on the landing page, they’re redirected to another site that asks them to sign up, requesting personal information as well as a credit card number, reportedly for age verification.

Figure 7. Membership requires credit card information

It’s interesting to note that the spam bot pre-emptively answers concerns about the website and the credit card information.

Figure 8. Spam bot responds to concerns

The bot glitches again, changing part of its script from “sexy” to “handsome” when checking whether the user has joined the site.

Figure 9. Spam bot glitch and request for “gold”

The spam bot also makes a request for some “gold” once the user joins the site. It’s likely that “gold” is a reference to currency used on the site, which a user may need to purchase.

How do the scammers monetize here? Affiliate programs are most often the drivers for much of the spam circulating on social networking sites. In this particular case, it’s best to “read the fine print,” as the old adage says.

Figure 10. Free access includes an upgrade to platinum membership

By default, the checkbox for “Upgrade me to a platinum membership” is selected. If it remains selected, the user is also signed up for two additional sites, which provide trial memberships of 10 days and 7 days respectively. If the user doesn’t cancel these accounts, they are then billed up to US$80 a month. Unfortunately, the user is often unaware that they are signing up for these additional sites, and the scammers are rewarded through the affiliate programs they signed up for.

Figure 11. Blocking spam accounts on Tinder

Currently, there is no way to report spam accounts within the Tinder application. However, the service does offer a way to block users. Therefore, users are advised to block any spam account they’ve been matched with.

Figure 12. Tinder for Android is on its way

The spam I’ve found on Tinder seems to be limited at this time. However, there is a concern that the service will see an influx of more spam bot accounts. While Tinder is only available for the iPhone at this time, there are plans to bring the application to Android devices. One trend I’ve observed in the last year is that following the introduction of an Android application, the volume of spam on popular services like these typically increases.

“Sakura” Site App on the Apple App Store

Japanese one-click fraud apps on Google Play made their debut at the beginning of the year and have since become a regular presence on the market, with new variants appearing on an almost daily basis. I was curious to see whether the scammers had attempted to target other mobile platforms, so I did some investigative work. I didn’t find any one-click fraud on other platforms, but I did come across a dodgy app in the Apple App Store that uses a strategy similar to that of the one-click fraud apps.

Once opened, the app accesses certain URLs and displays content from them within the app; the app itself is little more than a frame for the fraudulent site. This particular app leads to fake dating services, known as “sakura” sites in Japan, rather than trying to fool users into paying for an adult video service as the one-click fraud apps do.

The app was introduced on the App Store as a game and certainly does not look like it is related to a dating service on the English page.

Figure 1. English version on the App Store

However, the introduction on the Japanese page suggests that the app may have something to do with pornography. The page also states that users need to be over 18 years of age and that the app is available for a free download for a limited time only.

Figure 2. Japanese version on the App Store

Once installed and launched, the app’s appearance resembles the App Store.

Figure 3. Supposedly downloadable apps

If the network connection on the device is turned off and the app is then reopened, no content is displayed in the app, because it could not download anything from the Internet.

Figure 4. Result of no network connection on the device

When the non-existent apps within the app are opened, the default browser on the device opens various dating service sites that are all hosted on the same domain. Interestingly, the domain has been known to host the Android version of the same dating scam as well.

Figure 5. “Sakura” dating site used in the scam

Once users sign up for the service, they will soon be bombarded with messages from non-existent people interested in meeting them. The messages are actually sent by people hired by the operators of the dating service; this type of person is known colloquially in Japan as a “sakura.” The ultimate goal of the sites is to trick users into purchasing points to continue the online conversations. There is little chance that the users will ever be able to physically meet anyone on the site. Hence, this type of site is generally known as a “sakura” site in Japan. The email accounts the victims used to sign up to the site may also end up receiving spam from various dating services.

The offending app is clearly in violation of the App Store policy for various reasons and has been removed from the store. How could the app have been approved in the beginning? Because the app simply acts as a frame, different content, perhaps game related, could have been used during the approval process. As this is big business for the scammers, they devise various strategies to spread their scam. Users need to be vigilant wherever they may be downloading their apps from.

The following video shows how this scam works (note that an Android device was used to capture the video):

BeautifulPeople dupes media with Shrek virus publicity stunt

BeautifulPeople.com, the dating website which claims to only accept members who pass an attractiveness rating, is claiming in the media that it has been hit by a computer virus.

According to a press release issued by the website, it was hit by a virus called “Shrek” that made it possible for “30,000 ‘ugly’ people to invade the site.”

The story has been widely reported by the likes of The Guardian, The Telegraph, Fox News, The Daily Mail and many other media outlets.

Ermm.. is it April Fool’s Day? My suspicion is that this is more likely to be a publicity stunt by BeautifulPeople than to have any basis in truth, and the world’s media are falling for it.

Here’s what Greg Hodge, MD of BeautifulPeople, had to say in the press release:

"We got suspicious when tens of thousands of new members were accepted over a six-week period, many of whom were no oil painting."

"We responded immediately, repairing the damage from the 'Shrek Virus' and putting every new member back into the rating module for a legitimate and democratic vote. The result is that we have lost over 30,000 recent members.

"We have sincere regret for the unfortunate people who were wrongly admitted to the site and who believed, albeit for a short while, that they were beautiful. It must be a bitter pill to swallow, but better to have had a slice of heaven than never to have tasted it at all."

It’s a fantastic piece of chicanery, of course, designed to boost awareness of the dating website and win them many thousands of pounds’ worth of free publicity with little risk of damage to their reputation.

The website explains that it hasn’t needed to inform any computer security firms about the malware as it is being “investigated internally”, and a “former employee.. placed the virus before leaving the team” and “despite wreaking havoc with the application process, member privacy and security was never breached.”

Phew! So, lots of publicity for the website but nothing for current or future members to worry about then. How convenient!

The company has certainly run imaginative PR stunts in the past, such as when it ran a campaign making members re-apply if they had “let themselves go” over the Christmas festivities. The dating website’s PR agency has been upfront that that initiative was designed to:

"provoke media attention with a controversial press release... to attract more hits and applications, [and] to generate extensive global coverage."

Sure enough, it won them a “Best Global Campaign” award at the CIPR Awards in 2010.

My bet is that BeautifulPeople has just come up with its latest publicity stunt – and you know what? It’s worked.