Scam alert: Fraudsters attack online dating sites
Shifting their focus from banks and other financial institutions, gangs of criminals are running massive, dedicated phishing campaigns against dating sites.
Users of online dating sites, including Match.com, eHarmony, PlentyOfFish, Chemistry.com, SeniorPeopleMeet, Zoosk, Lavalife and Christian Mingle have faced a rise in phishing emails, which are designed to steal usernames and passwords.
Cybercriminals who steal accounts on these popular dating sites will go on to use them to commit online dating fraud.
By getting hold of genuine users' login details, the fraudsters can then use the dating site's messaging system to send messages to potential victims, building up a relationship with them before claiming that they need money for, say, a medical emergency or travel costs to arrange a meeting.
Once they have been successful, fraudsters sometimes come up with more reasons why they need money and, in some cases, resort to blackmail - perhaps their victim has sent them explicit photos, which they threaten to email to friends and family.
Many dating sites only allow messages to be exchanged with other users after a subscription fee has been paid. By compromising existing paid accounts, the fraudsters can avoid making any payments so they are harder to trace.
Netcraft says it's not unusual for fraudsters to encourage their victims to migrate to instant messaging software or even text messages rather than continue chatting on the dating site, making it even harder to detect such fraud.
If you think you have been the victim of a dating fraud, report it to Action Fraud on 0300 123 2040 or online.
Telltale signs your 'match' may be a fake:
- Coming on too strong, too fast.
- Photos that look too good to be true.
- Claiming to be working abroad.
- Pressure to communicate outside the dating site such as over email, instant messaging or texting.
- Cancelling plans to meet in person at the last minute.
For more on online dating scams, see.
Phishing scams are typically fraudulent email messages from seemingly legitimate sources (your internet service provider, mobile phone provider, bank etc). These messages usually direct you to a counterfeit website or ask you to divulge private information (password, PIN, credit card numbers, or other account updates), which is then used to commit identity theft.