Users of dating apps – like Tinder, Match & Bumble – should be on the lookout for investment-fraud scammers.
Cybercriminals are taking advantage of a surge in dating app users with a sophisticated fraud scheme, which convinces victims to join in on an investment opportunity which ultimately steals their money.
The social isolation of the COVID-19 pandemic is driving many to online interactions – notably to online dating apps such as Tinder, Bumble, Match etc.. This is providing scammers with a juicy target for a recent investment scam, warned the International Criminal Police Organisation (Interpol) in an advisory released Tues.
“Interpol’s Financial Crimes unit has received reports from around the world of this scam & is encouraging dating app users to be vigilant, be sceptical & be safe when entering into online relationships,” says Interpol, in a “Purple Notice” advisory sent to 194 countries.
A Purple Notice is issued by Interpol to provide information on methods, objects, devices & concealment methods used by crooks.
In the 1st stages of the scam, the scammers establish a relationship with the victims via a dating app (Interpol did not specify which specific dating app platforms are used).
“Once communication becomes regular & a certain level of trust is established, criminals share investment tips with their victims & encourage them to join a scheme,” according to Interpol.
They then convince the victims to download an app, purporting to be a trading app, and open their account.
“The investment apps – and in some cases web links – proposed to victims are under the control of criminal enterprises,” an Interpol spokesperson explained. “They are made to look & function like similar legit apps, where investors can deposit money in order to start trading.
The apps then show earnings/profits within a very short timeframe, making victims believe they have made the right decisions & are trading successfully. They are just manipulated figures which encourage victims to deposit more.”
From there, victims are convinced by the scammers to purchase various “financial products” – including cryptocurrencies, stocks & bonds & binary options & work their way up a so-called investment chain. They are made to believe they can reach “gold” or “VIP” status, commented Interpol.
“As is often the case with such fraud schemes, everything is made to look legitimate,” observed Interpol. “Screenshots are provided, domain names are eerily similar to real websites, & customer service agents pretend to help victims choose the right products.”
However, after scamming victims out of a certain amount of cash, one day all contact stops, & victims are locked out of their accounts. The financial implications of such a scam is significant: An Interpol spokesperson explained that some victims had deposited 10s of 1,000s of dollars, with a few cases over $100,000.
Hank Schless, Senior Manager of Security Solutions at Lookout, outlined that malicious attacks launched through dating app platforms, such as scams or phishing, highlights how mobile apps with a messaging function can be used by malicious players.
“Since there’s already a picture, profile & name associated with the person in a dating app, establishing trust is a much smaller barrier for the attacker,” Schless warned. “Beyond dating apps, an attacker could bring this campaign to gaming, shopping, workout or travel apps that have a social component to them.
Match & Tinder
If someone is particularly keen on finding a connection on one of these apps, they will likely be more willing to do whatever the bad player tells them to do.”
However, scams that target the emotions of victims looking for romance are another category of security challenges that dating apps need to deal with – especially during the isolating times of the pandemic.
These types of romance scams have previously proved effective – in 2019, for instance, a fraudster managed to steal from a vulnerable Jason Statham fan a “significant amount” of money, after approaching her while she was perusing a fan page for the actor on Facebook.
Romance scams have also been used for other malicious activities, including spreading malware like the Necurs botnet.
“Preying on people’s desires & fears is a tactic that fraudsters continue to use,” Setu Kulkarni, VP of Strategy at White Hat Security, explained. “When fraudsters are prying on an individual’s desires & fears, human logic goes out of the window. Think 1st, click later is quickly replaced by click 1st, think later.”
Interpol warned dating app users to always remain vigilant when they are approached by someone they do not know, especially if it leads to a request for money; think twice before transferring any money; & to do their research on suspicious apps, by checking app reviews, the domain name & the affiliated email address.