
Tinder: Spammers Flirt with Popular Mobile Dating App

Created: 01 Jul 2013 17:18:14 GMT • Updated: 23 Jan 2014 18:05:52 GMT
Satnam Narang

Over the last few years, we’ve reported on a number of spam campaigns spreading through various social networking sites and applications. As any social service becomes popular, spammers look for ways to take advantage of that popularity by targeting its users.

I’ve previously blogged about the popularity of online dating sites and highlighted an example of a malicious campaign using them as part of its lure. Today, one of the most popular online dating services is not a website, but a mobile application called Tinder.

Tinder is a mobile app that finds nearby users who like you and connects you with them if you’re both interested. It is a very simple premise, which may explain why it has become one of the more popular dating services around. According to recent reports, Tinder users have been matched 50 million times and have provided 4.5 billion ratings on the service.

Recently, a number of users have reported finding spam accounts on the service.
 


Figure 1. Example of fake accounts on Tinder
 

Further research confirmed that a number of spam accounts have been created on Tinder.
 


Figure 2. Mutual Matches notification
 

Just as expected, when a user likes one of these spam accounts they’re instantly notified of the match. The spam accounts don’t seem to respond unless the user engages the account first.

The spam accounts follow a similar script when communicating with Tinder users.
 


Figure 3. Spam bot auto responses are the same
 

While engaging one of these spam accounts, I found a glitch.
 


Figure 4. Spam bot aged two years instantly
 

The spam bot seemed to report the wrong age twice, even though the spam account profile listed its age as 26.

Here is what the bot’s script typically looks like (glitch included):

Bot: hey … have we spoken before? 22..female here…you ?
Bot: hey ….. have we chatted before?? 24..female here…..u?
Bot: i’m sorry…I get to be forgetful at times! how’re u??
Bot: Just got online….long week been kind of busy! But I’m feelin’ aroused!! So what’s up …. Wanna have some fun ??  :)
Bot: I need a guy who can [REMOVED]..have u ever [REMOVED]?? hahaa
Bot: going to change my underwear….. want to see?? =)
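
The two traits shown above, a shared script and claimed ages that contradict each other and the profile, can be turned into simple detection signals. The following is an added example, not code from the original post or from Tinder; the account ids, field names and similarity threshold are assumptions, and the sample data is constructed around the two greetings quoted above.

```python
import re
from itertools import combinations

# Matches a claimed age such as "22..female" in a chat message.
AGE_RE = re.compile(r"\b(\d{2})\W*(?:female|male)\b", re.I)

def tokens(msg):
    """Lowercase, mask digits and drop punctuation so script variants collide."""
    masked = re.sub(r"\d+", "#", msg.lower())
    return frozenset(re.findall(r"[a-z#']+", masked))

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def stated_ages(messages):
    return {int(age) for msg in messages for age in AGE_RE.findall(msg)}

def score_accounts(accounts, sim_threshold=0.6):
    """Return {account_id: sorted reasons}; an empty list means no signal fired."""
    findings = {aid: set() for aid in accounts}
    # Signal 1: ages claimed in chat contradict each other or the profile.
    for aid, acct in accounts.items():
        ages = stated_ages(acct["messages"])
        if len(ages) > 1 or (ages and acct["profile_age"] not in ages):
            findings[aid].add("age_mismatch")
    # Signal 2: the opening line is a near-duplicate of another account's opener.
    openers = {aid: tokens(a["messages"][0])
               for aid, a in accounts.items() if a["messages"]}
    for (a, ta), (b, tb) in combinations(openers.items(), 2):
        if jaccard(ta, tb) >= sim_threshold:
            findings[a].add("shared_script")
            findings[b].add("shared_script")
    return {aid: sorted(reasons) for aid, reasons in findings.items()}

# Constructed sample data: account ids and field names are hypothetical; the two
# greetings are the ones quoted in the post, assigned here to separate accounts.
ACCOUNTS = {
    "bot_a": {"profile_age": 26, "messages": [
        "hey … have we spoken before? 22..female here…you ?",
        "hey ….. have we chatted before?? 24..female here…..u?"]},
    "bot_b": {"profile_age": 24, "messages": [
        "hey ….. have we chatted before?? 24..female here…..u?"]},
    "user_c": {"profile_age": 31, "messages": [
        "Hi! I saw you like hiking too, which trail is your favourite?"]},
}

if __name__ == "__main__":
    for account, reasons in score_accounts(ACCOUNTS).items():
        print(account, reasons)
```

Masking digits before comparison is what lets the "22" and "24" variants of the greeting land in the same cluster despite the bot changing its claimed age.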

At this point, the spam bot starts to lure the user in with the promise of a webcam session.
 


Figure 5. Spam bot begins the lure
 

From here, the spam bot provides a shortened URL and instructs the user on how to proceed in order to gain access to her webcam session.
 


Figure 6. Landing page used in Tinder spam
 

If the user accepts the invitation on the landing page, they’re redirected to another site that asks them to sign up, requesting personal information as well as a credit card number, reportedly for age verification.
 


Figure 7. Membership requires credit card information
 

It’s interesting to note that the spam bot pre-emptively answers concerns about the website and the credit card information.
 


Figure 8. Spam bot responds to concerns
 

The bot glitches again, changing part of its script from “sexy” to “handsome” when checking to see if the user has joined the site.
 


Figure 9. Spam bot glitch and request for “gold”
 

The spam bot also makes a request for some “gold” once the user joins the site. It’s likely that “gold” is a reference to currency used on the site, which a user may need to purchase.

How do the scammers monetize here? Affiliate programs are most often the drivers for much of the spam circulating on social networking sites. In this particular case, it’s best to “read the fine print,” as the old adage says.
 


Figure 10. Free access includes an upgrade to platinum membership
 

By default, the checkbox for “Upgrade me to a platinum membership” is selected. If this checkbox remains selected, the user is also signed up for two additional sites. The sites provide trial memberships of 10 days and 7 days respectively. If the user doesn’t cancel these accounts, they are then billed up to US$80 a month. Unfortunately, the user is often unaware that they are signing up for these additional sites, and the scammers are rewarded through the affiliate programs they have joined.
 


Figure 11. Blocking spam accounts on Tinder
 

Currently, there is no way to report spam accounts within the Tinder application. However, the service does offer a way to block users. Therefore, users are advised to block any spam account they’ve been matched with.
 


Figure 12. Tinder for Android is on its way
 

The spam I’ve found on Tinder seems to be limited at this time. However, there is a concern that the service will see an influx of more spam bot accounts. While Tinder is only available for the iPhone at this time, there are plans to bring the application to Android devices. One trend I’ve observed in the last year is that following the introduction of an Android application, the volume of spam on popular services like these typically increases.