Classic online dating sites
To bear out the risks, we delved into various online dating networks, which initially included Tinder, Plenty of Fish, Jdate, OkCupid, Grindr, Coffee Meets Bagel, and Love Struck.
It can be as vanilla as a classic phishing page for the dating app itself or the network the attacker is sending them to.
And when combined with password reuse, an attacker can gain an initial foothold into a person’s life.
Some require a Facebook profile they can connect to, while others just need an email address to set up an account.
Tinder, for instance, retrieves the user’s information on Facebook and shows this in the Tinder profile without the user’s knowledge.
With the ability to locate a target and link them back to a real identity, all the attacker needs to do is to exploit them.
We gauged this by sending messages between our test accounts with links to known bad sites.
We also employed a few house rules for our research—play hard to get, but be open-minded: The goal was to familiarize ourselves with the quirks of each online dating network.
We also set up profiles that, while looking as genuine as possible, would not overly appeal to normal users but would entice attackers based on the profile’s profession.
That meant we also had to like profiles of potentially real people.
This led to some interesting scenarios: sitting at home at night with our families while casually liking every single new profile in range (yes, we have very understanding partners).
People are increasingly taking to online dating to find relationships—but can they be used to attack a business?