Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

Tinder Spam Campaign Hides “Handwritten” Links in Profile Images

Tinder Spam Campaign Hides “Handwritten” Links in Profile Images

A new trend has emerged on dating apps like Tinder with spammers sneaking in links within profile images.

Multiple such Tinder spam profiles reviewed by BleepingComputer shared some common characteristics.

For example, nearly every profile had an image of an attractive person followed by another one showing an NSFW domain handwritten on a placard.

Spammers abuse profile images to promote spam domains

In a recent trend observed by BleepingComputer, a noticeable number of fake dating profiles have flooded Tinder.

These serve no purpose other than luring users in to visit spam links—leading to third-party dating or NSFW websites.

However, unlike with other dating apps, where spammers send unsolicited links to users via direct text messages, this slightly more clever technique abuses profile pictures to sneak in images of handwritten domains within them.

These fake Tinder profiles, seen by BleepingComputer, comprised mainly two profile pictures.

The primary profile picture is often that of an attractive person, followed by a second image with the spam domain inscribed on a placard or piece of paper, as shown below:

tinder spam profile
Fake Tinder profile with an image of a real person (redacted) followed by another one with a spam placard
Source: BleepingComputer

Moreover, a provocative bio text is yet another hook to lure the user into visiting the NSFW links.

What makes this trend going is that such custom-made images containing handwritten versions of links would be much harder to automatically detect or remove en masse.

Searching profiles for text strings representing malicious domains (e.g. in user’s bio) automatically is a far easier job for any AI.

Also Read: How to Prevent WhatsApp Hack: 7 Best Practices

Dating apps continue to battle growing spam

Although Tinder might be a victim of this new trend, popular dating apps continue to battle the problem of growing spam and fake profiles.

For example, in the past few weeks, Grindr users have been receiving unsolicited links via direct messages from “blank” profiles that typically have no bio or a profile picture:

Grindr spam
Spammers sending unsolicited links in direct messages on Grindr
Source: BleepingComputer

Other than being an obvious nuisance, such practices by malicious actors, and the very presence of fake profiles on online dating apps, pose serious risks to the safety and privacy of legitimate users.

In Grindr’s case, however, because spam messages are often strings, it would likely be much easier for the company to sweep for and remove such text messages automatically.

In March this year, the company had said:

“Grindr is fighting and banning spam non-stop, 24/7, 365 days a year. Spam is our most reported and banned category.”

“The fight against spammers, particularly on an instantaneous chat service where users seek significant privacy, is a big challenge,” said Alice Hunsberger, Grindr’s Senior Director of Customer Experience.

Using automation, Grinder states that it strives to detect and remove spam proactively, eliminating the need for the user to manually report it—although spammers have often remained a step ahead.

“We use a number of systems in the fight, including a new AI-powered service that helps us detect ‘non-human’ usage of Grindr.”

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

“Though we are constantly surprised how often we find users with the amazing ability to behave like a machine,” further explained Hunsberger.

Users on dating apps should refrain from visiting dubious links and ideally report spam profiles to keep online dating communities safe for everyone.

BleepingComputer reached out to Tinder and Grindr for comment well before publishing this article but we have not heard back.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us