Tinder Spammers Still Going Strong Despite Security Improvements

  • Contributed by:
  • Views: 1,424

Dating app Tinder has had to deal with a lot of security issues, despite the app’s verification system using Facebook Connect.  In theory, because of Facebook’s security measures, only “real people” can join Tinder, so users can sign up with some reassurance the profiles they'll encounter will be real. But lately, this has not been the case.

Spammers and scammers have been able to lure users away from Tinder and onto their sites, typically, with spam bots - fake accounts pretending to be real people that flirt with users in order to redirect them to adult sites - and take their money. In the past, Tinder users could block profiles, but they couldn’t report spam.

According to website Tech Crunch, things have changed. Users can now not only block accounts but also report spam. Tinder also made a technical update to address the issue, and the update was effective at cutting down on the in-app spam. Unfortunately, the spam bots just found another avenue - SMS. Phone spam for Tinder users skyrocketed.

Instead of luring Tinder users away while they are inside the app, the spam bots changed their scripts and started collecting mobile numbers from the users, sending those users text messages with links to the spammers’ websites. 

It can be really misleading for users to receive text messages from spammers who are pretending to be people. One example Tech Crunch used that came from a spam bot read like this: “sorry my phone’s almost dead and out of mins too. If you go on Tinderpages.com ill be there. Im sweetgirl4u on it. Sorry its free tho if you confirm your email.”

Tinder is still racking up complaints, so it seems the technical update hasn’t actually made a difference. According to security researchers, this is beacuse Tinder was successful in getting rid of the in-app spam bots but not the spam bots themselves. Lead researcher Raj Bandyopadhyay explained to how they conducted their research, and what it meant for Tinder:

“Our topic modeler looks for phone number related complaints, and then classifies them using Data Scientist to validate correlation. In this case, we isolated complaints related to Tinder, and then compared them to historical complaints. This gives us a high degree of confidence that the spike is specific to Tinder activity and not just an overall spike in spam. In addition, it is important to re-emphasize that this is a pattern we have frequently seen – fraudsters migrating to phone after being thwarted online.”

So it seems text messages are becoming the spam bot avenue of choice, since online technology has improved so much. Now, mobile security needs to catch up.