Share this article on:
Cyber security experts have reminded users of the dangers they face when using dating apps as Tinder celebrates a decade online.
On the 12th of September, Tinder marked a decade of singletons posting personal details online in the hope of finding a new partner. Since its launch, the app has accumulated over 75 million users, all swiping through a match per minute and freely giving out personal data to the next person in the virtual lineup.
The Check Point Software Technologies researchers, however, warns that the willingness to overshare, combined with the anonymity of the platform, creates the perfect environment for cyber criminals to select their next victim.
Tinder is full of birthdays, phone numbers, profile pictures and private conversations, possibly even containing intimate photos or information shared in confidence. This data is attractive to threat actors as they can utilise it to commit identity theft, fraud, blackmail, or sell on the dark web.
Dating apps, like Tinder, are also full of unsuspecting hopefuls, prepared to be vulnerable in order to make a true connection.
Unfortunately, hackers are not above abusing that trust, according to the Check Point Research (CPR), preying on those who are often more preoccupied with making a good first impression than with cyber security. CPR has previously discovered several critical vulnerabilities on the website and mobile app of OkCupid, one of the world's leading free online dating services. However, these risks to personal privacy are not platform-specific but instead reflective of a growing culture of "share first, worry later".
The CPR team have rounded up the possible dangers that users may experience on dating apps:
From “sexting” to “sextortion”: Black Mirror predicted it, and it seems to have come true. One of the greatest risks to users who share racy photos with their dates is the possibility of blackmail. When registering for a dating app, a large amount of personal information is revealed, which can also be used by cyber criminals for financial gain.
Malware on the prowl: A simple photograph can be the perfect hook to gain access to an entire device. One of the best techniques that cyber criminals use in dating apps is creating an attractive profile, one which every victim would want to be "matched" with. However, the photo file could contain malware with spyware capable of obtaining the user's passwords.
Fake romance: In dating apps, it’s common for cyber criminals to create fake profiles with images and descriptions that attract the user's attention. Their modus operandi is to establish an interest to initiate a conversation with the victim with the intent to steal money. Over days, weeks or even months, the attacker gradually gains the victim's trust. A long-distance relationship is initiated. Most often, this relationship starts without the parties actually seeing each other, but there is a promise to "meet soon". The cyber criminal asks the victim to send money "so that they can travel to meet up" or because a "serious problem" has arisen.
Impersonation: Although these cyber attacks are most likely to target the app users, there are instances when an outsider can be targeted. Any individual with someone else's data, documents or files is capable of impersonating an identity. In fact, now that most internet users expose a lot of their data on the web, it is potentially accessible to everyone. With this data, cyber criminals are able to create fake profiles for financial gain while also causing reputational damage to the person they are imitating.
Account theft: When you go on the dark web, you will find hundreds of hacked dating app profiles available to buy at a high price. Data includes emails, passwords and other personal account information that can be sold and used for subsequent phishing or malware attacks.
CPR researchers suggest keeping these safety tips in mind:
Never give confidential information to third parties: any user who requests confidential information may be a cyber criminal, so it is essential that you never give out personal data on Tinder, or any dating app, to avoid running the risk.
Don’t download images or files to your device: everyone shows their photographs on dating apps, but it is very important that they are only displayed within the app and are not downloaded or saved, as they could be hiding malware, or another type of cyber attack, which could endanger all the documents and files on your mobile or computer.
Don’t trust. Don’t rush: This is a basic premise, but sometimes the most obvious thing is the most useful. If something seems strange or does not seem real, it is better to be suspicious. There are plenty of fish in the sea, so don't take any needless risks.
Check profiles: Be wary of newly created profiles or profiles with pictures that look like an advertisement. If a user shows too much interest or asks for too much personal information ... that should ring alarm bells.
Dating apps like Tinder are gamified, Rod Thorne, Check Point Software Australia country manager further explained, which relies on a quick swipe left or right user experience, which has unfortunately played into the hands of cyber criminals looking to steal credentials or banking information as the user is encouraged to react fast.
"Our phones are never far away from us, whether we are using them to board a train, pay for the food shop or to find that special someone,
"The best way to stay safe is to approach every conversation with caution and take a minute before making any snap decisions," Thorne said.
"Cyber criminals are everywhere, especially on platforms where people can be at their most vulnerable."
[Related: TikTok hacked, denies security breach allegations]