Those looking for love – or even casual sex – online could be getting more than they bargained for following warnings over a wave of mass phishing attacks designed to hit users where it hurts.
According to a study by online monitoring company Netcraft into the £2.5bn UK industry, members of Match.com, eHarmony, Zoosk and many others have been inundated with emails seeking to steal their login details.
Paul Mutton, an analyst at Netcraft, said the attacks were “massive”, adding that in the past week alone Netcraft had seen over 100 compromised sites targeting Match.com.
Stolen data is typically used to befriend other users in an attempt to trick them into handing over cash. Mutton cited the case of Karen and Tracy Vasseur, of Colorado, who were jailed in 2013 for stealing more than $1m (£590,000) from 374 people using dating-site scams.
Netcraft has yet to work out how the sites are being compromised to host the rogue scripts. Just one compromised site Mutton had seen was home to about 800 scripts that targeted many different dating sites. Each script looked like it had been generated by a “kit” bought online, he said.
The scripts are used to craft phishing emails that are spammed out to potential victims. The mails seek to trick people into entering their login names for the dating sites. If successful, the details are passed on to the legitimate login page of a dating website and are also sent to one of 300 email addresses used by the phishing gang.
Mutton said fraudsters were keen to steal login details for accounts so they could avoid paying the charges dating sites levied before users could swap messages with other members. “Anyone with a very basic knowledge of programming could make use of these kits,” Mutton warned.
The Information Commissioner’s Office recently carried out a six-month investigation into the online dating industry after concerns that companies operating in the sector were not doing enough to protect users’ personal information. However, it was ultimately branded “limp as a lettuce” after concluding consumers should read the terms and conditions more carefully.