You may have personally experienced this moment of elation when you start a conversation with that perfect stranger, no? While the potential of a new romance can bring all sorts of wonderful emotions, one thing should be on your mind: is this person with whom you have shared a budding romance really the person he or she claims to be? Unfortunately, surfing the net in search of the perfect partner to share your life with can be the ideal time for scammers from all over the world to get into action and test their fraud techniques to extract money from vulnerable people. But what exactly do these approaches look like?
In this article, we'll take a look at the types of identity theft that can occur online but also review recent security breaches that put your data at risk.
When doxers steal your identity
Online dating apps are as popular as ever. The number of users is higher than the pre-pandemic figure and a report form Sensor Tower Usage Intelligence reveals that the global usage of Tinder, Bumble, and Hinge collectively grew 17 percent in January 2022 when compared to the same month in 2019.
Dating applications such as Tinder, Meetic or Bumble offer a gateway for hackers to access members' personal data. Of course, this has become a major concern for these large companies, which are doing everything possible to protect user data. A June 2021 study by Kaspersky revealed the threats and fears encountered by users of these applications, and the figures speak for themselves. In France, for example, the study showed that 10% of users have been victims of “doxing” , a technique that consists of searching for, and disclosing information on the internet, about an individual's identity and private life in order to harm them.
And this hunt for information is made all too easy with the amount of identifying data available on these platforms. Doxers, as they are called, can potentially access your name, workplace, phone number, credit card details, or even street address.
"Indeed, social media and various apps have made dating much easier for us,” said Anna Larkina, security expert at Kaspersky. “You might find the love of your life online but unfortunately, there are also bots and fraudsters looking for prey on dating platforms. That is why, while communicating with someone online, it is still important to remember the basic rules of digital privacy. To date online safely, I recommend not sharing personal identifying information, such as your phone number, location, home, and work address, etc. Preventing threats at such an early stage will let you enjoy online dating without any fears. But beware, the biggest risk for users of these applications is romance fraud.”
Fake profiles for real love?
This fraud technique consists of contacting a victim through a dating application, and seducing them to extract, in most cases, large sums of money.
"Typically, romance fraudsters will spend weeks gaining their victims’ trust, feeding them fabricated stories about who they are and their lives - and initially make no suggestion of any desire to ask for any money, so the victim may believe their new love interest is genuine," explained Detective Superintendent, Matt Bradford of the City of London Police.
The problem is proving to be global. Last year, the FBI revealed that this type of scam was the second most lucrative type of cybercrime reported in 2020, accounting for $600 million in losses.
To protect their users as much as possible, these dating applications, such as the website Meetic.fr, offer a guide to online safety in their charter of trust. This charter advises romance seekers to be cautious and never send money; not to share financial information, and to be wary of long-distance relationships.
However, "fake profiles" are problematic. It is now well-known dating sites are full of them. Fake profiles are created from other people's photos and profiles - with one aim in mind - to lure prey and extract ever-increasing sums of money from them.
These fake profiles are the pet peeve of dating giants. At present, most dating sites have not yet opted for sufficient authentication systems to ensure that a profile is the property of the person using it. The exception being Tinder, which may have found the solution In its fight against fake profiles, Tinder has decided to take matters into its own hands. For a few months now, the app has been offering to verify your profile by matching a selfie with the photos on your account.All this is made possible by biometric authentication. This facial recognition technology verifies a person's identity by measuring their face and head.
On its website, Tinder explains that the verification process is done in two steps. The pose verification, and then a facial verification. By collecting this information, artificial intelligence will be able to determine if your selfie matches your profile.
Even if this method allows you to secure your identity; how can you make sure your data is safe and protected ?
How well protected is your data?
You could, and should, ask yourself, if the data you share on these applications is effectively protected against incursions. The recent example of the Japanese dating application, Omiai, proves there is still a long way to go in terms of securing online data. In May 2021, the dating app was the victim of an attack resulting in the theft of 1.7 million user data. The hackers had access to one of the company's servers for a short time, but their IP address was quickly blocked, according to Omiai, which also said that no banking data was stolen.
The mishap is undoubtedly reminiscent of the attack on MeetMindful, just a few months before the attack on Omiai. In January 2021, a group of hackers called ShinyHunters stole and distributed 2.28 million user data. Today the modus operandi of these hackers remains unknown, although Avihai Ben-Yossef, cybersecurity expert and CTO of Cymulate, theorizes that it was a misconfiguration of the company's cloud:
"The ShinyHunters hacker group...has a penchant for attacking cloud-first companies, those that put their infrastructure in the cloud from the start."... "There's a lot to be done to shore up cloud health - multi-factor authentication, good certificate and identity store management, better account configuration and control, better workload segmentation, etc...; along with ongoing security assessment."
However, the big dating apps are not the only ones to fall victim to hackers. This was the case for the small French company, Waiter, which was also the victim of a hack in December 2020. Luckily very little sensitive user data was hacked. However, the attackers had access to the information indicated in the users' profile (age, gender, country of residence, weight, height, etc.). The database did not contain last names, email addresses or phone numbers, as this information was stored separately.
Once again, the security flaw was quickly identified. The cause was an Elastic Search server that was left open, which is a very common mistake.
We can't stress enough how careful users need to be to protect their online data. But it is also important to emphasize the responsibility for protecting user data lies with companies, who must have reliable defenses in place to ensuretheir servers are impenetrable. This issue could soon be mandated. As this recent article in the Wall Street Journal points out, governments worldwide are beginning to lose patience with companies that are not investing in enough cyber defenses.
Have fun but be careful!!!
Online data and love don't seem to mix well. It is important to protect yourself online and not trust the first person you meet. Don't rush into anything or you'll get more than your heart broken. As we have seen, cybercriminals will stop at nothing to get money from their victims. So, be careful when you exchange information on these dating applications and be careful about the type of information you disclose.