Tinder bot scam

What happened?

Tinder announced that a new scam is targeting its users to inadvertently subscribe them to adult websites that charge hefty fees. This scam operates under the pretense that a user enters his or her personal information, along with payment card data, to verify that their account is legitimate. In theory, verification could help ease the many fears and anxieties users may have about online dating, especially before meeting in person.

Initially, verification was used to discern between legitimate and fan-run social media pages for public figures and celebrities. Twitter, for example, has now opened verification to the public, allowing all users to verify the legitimacy of their profiles instead of waiting for Twitter to approve or deny their requests.

Tinder also has a legitimate verification process. However, it is reserved specifically for celebrities and high-profile accounts. Unlike Twitter, this process is not open to the public.

How does it work?

Tinder web bots, disguised as profiles of women posing in lingerie, match with users and send messages to pique users’ interests. From there, the bot will ask if the user’s profile is verified and send a link to a fraudulent site. Bots will indicate that because the user’s profile is not verified, they will not meet in public. In addition, bots will claim that the verification process is free of charge.

Symantec reports that it found at least 13 sites on the Internet claiming to be part of the “Tinder Safe Dating” initiative. These sites use keywords like “Tinder,” “safe online dating” and even utilize the Tinder logo to convince users that they are legitimate sites.

What users don’t know is that their personal information and payment card data is being used to sign up for various adult webcam sites. After the initial free trial runs out, users are automatically charged $118.76 a month for their subscription. Bots that drive users to this site are paid commission for every user that does not cancel their subscription before the free trial runs out.

(Click image to enlarge)

How is this different than other online scams?

Tinder bots are not looking for your personal information with the intention to steal your identity. Instead, they are using the guise of Internet safety to obtain your information to push users to various adult websites.

Typically, bots will use shortened URLs so that users are less likely to suspect it is an illegitimate link. However, this particular scam is using the full URL so that users can see keywords like “Tinder,” “protection,” and “dating safety.”

What users don’t know is that their personal information and payment card data is being used to sign up for various adult webcam sites.

According to a Tinder spokesperson, Tinder will never request verification through third-party websites, apps or links. Requesting third-party verification or personal and payment information violates Tinder’s terms and conditions. Tinder has encouraged any users that come in contact with a scam profile to report it immediately.

What can you do?

Tinder is not new to bot scams. Symantec’s blog keeps you updated on various Tinder scams and how to avoid falling victim to one or more of these scams. Before swiping left or right, make sure you follow these tips to prevent scammers from swiping your information.

  • Keep your payment information private. Only provide payment information when necessary if opting in for Tinder’s premium benefits.
  • Never click on links that are sent to you by someone you don’t know.
  • Read Tinder’s safety tips here to learn more about how you can protect yourself and your information while using their site.