Tinder’s 10-year anniversary today (12 September), marks a decade of singletons posting personal details online in the hope of finding a new partner. Since its launch, the app has accumulated over 75-million users, all swiping through a match per minute and freely giving out personal data to the next person in the virtual lineup.
Check Point Software Technologies warns that this willingness to overshare, combined with the anonymity of the platform, creates the perfect environment for cybercriminals to select their next victim.
Tinder is full of birthdays, phone numbers, profile pictures and private conversations, possibly even containing intimate photos or information shared in confidence. This data is attractive to threat actors as they can utilise it to commit identity theft, fraud, blackmail, or sell on the dark web.
Dating apps, like Tinder, are also full of unsuspecting hopefuls, prepared to be vulnerable in order to make a true connection. Unfortunately, hackers are not above abusing that trust, preying on those who are often more preoccupied with making a good first impression than with cybersecurity. We’ve already seen this, with Check Point Research (CPR) having previously discovered several critical vulnerabilities in the website and mobile app of OkCupid, one of the world’s leading free online dating services. However, these risks to personal privacy are not platform-specific but instead reflective of a growing culture of ‘share first, worry later’.
Here are some of the possible dangers that users may experience:
- From ‘sexting’ to ‘sextortion’: One of the greatest risks to users, who share racy photos with their dates, is the possibility of blackmail. When registering for a dating app, a large amount of personal information is revealed, which can also be used by cybercriminals for financial gain.
- Malware on the prowl: A simple photograph can be the perfect hook to gain access to an entire device. One of the best techniques that cybercriminals use in dating apps is creating an attractive profile, one which every victim would want to be ‘matched’ with. However, the photo file could contain malware with spyware capable of obtaining a user’s passwords.
- Fake romance: In dating apps, it’s common for cybercriminals to create fake profiles with images and descriptions that attract users’ attention. Their modus operandi is to establish an interest to initiate a conversation with the victim with the intent to steal money. Over days, weeks or even months, the attacker gradually gains the victim’s trust. A long-distance relationship is initiated. Most often, this relationship starts without the parties actually seeing each other, but there is a promise to meet soon. The cybercriminal asks the victim to send money so that they can ‘travel to meet up’ or because a ‘serious problem’ has arisen.
- Impersonation: Although these cyberattacks are most likely to target the app users, there are instances when an outsider can be targeted. Any individual with someone else’s data, documents or files is capable of impersonating an identity. In fact, now that most internet users expose a lot of their data on the web, it is potentially accessible to everyone. With this data, cybercriminals are able to create fake profiles for financial gain while also causing reputational damage to the person they are imitating.
- Account theft: When you go on the dark web, you will find hundreds of hacked dating app profiles available to buy at a high price. Data includes emails, passwords and other personal account information that can be sold and used for subsequent phishing or malware attacks.
Check Point offers some tips to keep users safe:
- Never give confidential information to third parties: any user who requests confidential information may be a cybercriminal, so it is essential that you never give out personal data on Tinder, or any dating app, to avoid the risk.
- Don’t download images or files to your device: everyone shows their photographs on dating apps, but it is very important that they are only displayed within the app and are not downloaded or saved, as they could
- Don’t trust. Don’t rush: this is a basic premise, but sometimes the most obvious thing is the most useful. If something seems strange or does not seem real, it is better to be suspicious. There are plenty of fish in the sea, so don’t take any needless risks.
- Check profiles: be wary of newly created profiles or profiles with pictures that look like an advertisement. If a user shows too much interest or asks for too much personal information, that should ring alarm bells.
“Our phones are never far away from us, whether we are using them to board a flight, pay for the food shop or find that special someone,” says Pankaj Bhula, regional director for Africa at Check Point Software. “Dating apps like Tinder are gamified, relying on a quick swipe left or right user experience.
“Unfortunately, this plays into the hands of cybercriminals looking to steal credentials or banking information as the user is encouraged to react fast.
“The best way to stay safe is to approach every conversation with caution and take a minute before making any snap decisions. Cybercriminals are everywhere, especially on platforms where people can be at their most vulnerable.”