Tinder is a kind of modern day ‘Hot or Not’ mobile dating app. It finds matches based on location, then lets you scroll through pictures (no lengthy profiles here), picking those that catch your eye – and vetoing the ones that don’t. The app works by accessing users’ Facebook accounts to pull pictures and other relevant profile information about their age, interests, status, and more. However, despite the app’s growing popularity, many users have been plagued by a mobile scam using bots to impersonate eligible singles.
Because spammers notoriously target large, susceptible groups of people, it is no surprise that they have turned their sights on love-seeking Tinder app users. Recently, there has been a rise in fake accounts controlled by bots (malware infected computers or devices controlled by third-party) that masquerades as real users, complete with names, interests and photos. The bots not only lead users on with the false hope of a potential match, but also spam them with messages advertising a video game link. Screenshots posted to Twitter confirm the consistent pattern of this con.
The latest Tinder scam takes advantage of the app’s interface, where users scan potential matches in their area and then “swipe right” for those that interest them. Once a victim “swipes right” and contacts the fake account, it reacts with the generic message “hey :)”. Subsequently, it asks what the user is doing and then responds with “I’m still recovering from last night Relaxing with a game on my phone, Castle Clash. Have you heard about it?” No matter what the victim’s response is, the bot responds with a URL to a mobile game app called Castle Clash. In order to make the URL appear trustworthy, the party behind Castle Clash disguised the link as “Tinderverified.com.” But don’t let the seemingly legitimate link or others like it fool you; clicking on them can expose you and your private information.
It appears that this particular scam is more annoying than dangerous, and most likely just a ploy by the Castle Clash creator to boost app downloads. After the incident was reported, Tinder quickly took the necessary steps to remove these phony accounts. However, this is not the first time that the company has had issues with fake profiles, and while Tinder allows matched users to block each other, it does not prevent past victims from being targeted again. Despite the fact that Tinder users must have a Facebook account to register, it is frighteningly easy for spammers and cybercriminals to create dummy accounts using fake information.
In order to avoid email junk folders, spam has become much more sophisticated today, and communities of like-minded people like those on Tinder are perfect targets. Now that social profiles are linked to apps, mobile devices, desktop computers, and more, the risk of a potential infection spreading from one to all of them is exponentially higher. As the app maker, Tinder bears the brunt of the responsibility when it comes to protecting its users from spammers, but in the end, only you can protect yourself from malicious activity. Some best practices include:
- Always use caution when clicking on links from a mobile device—or any internet-connected gadget for that matter.
- Be selective about which friend requests you accept on social networks, as you never know when it might be a fake profile.
- Never reveal personal or sensitive information online or via social media apps, especially to people you do not know.
With the free McAfee Mobile Security app, not only can you browse social networks safely and connect with people confidently, but you can also protect yourself from risky links that could reveal your sensitive information with the Android version. It also scans your apps to find out if any are dangerous, and provides you with a privacy risk rating based on app category and expected behavior. Check out and download McAfee Mobile Security for Android and iOS to protect your phone or tablet with award-winning antivirus, privacy, and security software.