Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Tinder Spam Campaign Hides “Handwritten” Links in Profile Images

Tinder Spam Campaign Hides “Handwritten” Links in Profile Images

A new trend has emerged on dating apps like Tinder with spammers sneaking in links within profile images.

Multiple such Tinder spam profiles reviewed by BleepingComputer shared some common characteristics.

For example, nearly every profile had an image of an attractive person followed by another one showing an NSFW domain handwritten on a placard.

Spammers abuse profile images to promote spam domains

In a recent trend observed by BleepingComputer, a noticeable number of fake dating profiles have flooded Tinder.

These serve no purpose other than luring users in to visit spam links—leading to third-party dating or NSFW websites.

However, unlike with other dating apps, where spammers send unsolicited links to users via direct text messages, this slightly more clever technique abuses profile pictures to sneak in images of handwritten domains within them.

These fake Tinder profiles, seen by BleepingComputer, comprised mainly two profile pictures.

The primary profile picture is often that of an attractive person, followed by a second image with the spam domain inscribed on a placard or piece of paper, as shown below:

tinder spam profile
Fake Tinder profile with an image of a real person (redacted) followed by another one with a spam placard
Source: BleepingComputer

Moreover, a provocative bio text is yet another hook to lure the user into visiting the NSFW links.

What makes this trend going is that such custom-made images containing handwritten versions of links would be much harder to automatically detect or remove en masse.

Searching profiles for text strings representing malicious domains (e.g. in user’s bio) automatically is a far easier job for any AI.

Also Read: How to Prevent WhatsApp Hack: 7 Best Practices

Dating apps continue to battle growing spam

Although Tinder might be a victim of this new trend, popular dating apps continue to battle the problem of growing spam and fake profiles.

For example, in the past few weeks, Grindr users have been receiving unsolicited links via direct messages from “blank” profiles that typically have no bio or a profile picture:

Grindr spam
Spammers sending unsolicited links in direct messages on Grindr
Source: BleepingComputer

Other than being an obvious nuisance, such practices by malicious actors, and the very presence of fake profiles on online dating apps, pose serious risks to the safety and privacy of legitimate users.

In Grindr’s case, however, because spam messages are often strings, it would likely be much easier for the company to sweep for and remove such text messages automatically.

In March this year, the company had said:

“Grindr is fighting and banning spam non-stop, 24/7, 365 days a year. Spam is our most reported and banned category.”

“The fight against spammers, particularly on an instantaneous chat service where users seek significant privacy, is a big challenge,” said Alice Hunsberger, Grindr’s Senior Director of Customer Experience.

Using automation, Grinder states that it strives to detect and remove spam proactively, eliminating the need for the user to manually report it—although spammers have often remained a step ahead.

“We use a number of systems in the fight, including a new AI-powered service that helps us detect ‘non-human’ usage of Grindr.”

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

“Though we are constantly surprised how often we find users with the amazing ability to behave like a machine,” further explained Hunsberger.

Users on dating apps should refrain from visiting dubious links and ideally report spam profiles to keep online dating communities safe for everyone.

BleepingComputer reached out to Tinder and Grindr for comment well before publishing this article but we have not heard back.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us