Love Your Privacy
Online connections. They are a regular part of our daily lives for interviews, telehealth, friends, and of course love. Whirlwind romances can be wild and exciting, but not always in a good way. On Valentine’s Day, this is a friendly reminder when in doubt, it’s ok to take a step back to protect yourself from heartbreak and being exploited. You may be able to unbreak your heart, but can you unbreach your data?
It Began with a Search for Love
In 2022, nearly 70,000 people reported a romance scam, with losses hitting $1.3 billion, according to the Federal Trade Commission. 40% of people who said they lost money to a romance scam indicated that contact started on social media. Just the year before in 2021, people lost $547 million.
Many online romances resulted with people being swindled out of their savings by their new significant other. The new friend suddenly needs money for an emergency and asks for help. The victim complies by wiring funds, transfering money, sending giftcards, which ultimately goes towards nefarious purposes. Usually, their match is physically far away, misses dates to meet up, and wants to progress the relationhip very fast. Basically, they get love bombed. Stories vary, but they all end with someone heartbroken and losing money.
Be Mine. Recent romance scams in that took their partners’ funds:
- Operation Gold Phish – a group of international schemers approached elderly people on websites such as March.com, Facebook, and Instagram to build a romance and convincing victims to send money.
- While Silver Singles claims their site carries ‘out daily profile checks’ on members, a man was able to scam $1.2 million from a woman in Missouri by faking his identity.
- Suspects have been charged with targeting people on dating sites such as Match.com, Christian Mingle, JSwipe, and PlentyofFish.
- CryptoRom: Scammers are using dating apps like Tinder and Bumble to steal millions in bitcoins
- Romance and Business Email Compromise (BEC) scams netted over $2.2 million
Not only should you be cautious with a potential new partner, you should also consider the security of applications and sites that will manage your personal data.
- 419 Dating – Chat & Flirt an unsecure dating app with 50 milllion users has data breach.
- MeetMindful, an online dating app, was hacked and sensitive information of over 2.28 million users of the app was released.
- Coffee Meets Bagel experienced an outage due to a bad actor deleting data from the site.
- Plenty of Fish leaked private user information.
- CatholicSingles.com had 50,000 contacts’ real names, billing addresses, email addresses, and other private user data leaked.
- “At least 70,000 photos of women scraped from profiles in the Tinder dating app are circulating on a cybercrime forum.”
- Niche data apps exposed personal data of 100,000+ users as well as voice messages and audio recordings. This type of data could be used to extort or blackmail victims. This can impact not only your personal life, but also your professional life.
Don’t You Love New Technology?
With the evolution of technology, hackers are getting ambitious by using bots to scale their operations by creating a vast number of accounts to grow their stolen haul. And with Artificial Intelligence (AI), an entire fake relationship is much easier to create – complete with photos, a bot that mimics voices and develops chats so it is much more realistic experience for a victim.
ChatGPT is a chatbot launched by OpenAI. According to Mashable, “Tinder users are using ChatGPT to message matches.” This brings about the sensitive topic of disclosure on a dating app. Wouldn’t you want to know that your potential match was based off an AI-generated bot? While using bots is not new in this arena, this chatbot allows for more sophisticated messaging and connection. This scam is known as LoveGPT.
Fluttr, a UK-based dating app, requires “all members complete biometric ID verification bTefore they digitally mingle.” This is to verify identity to prevent fake profiles, scams, or catfishing. With recent high profile scams like ‘The Tindler Swindler’, this app aims to allow singles to connect safely.
An Act of Love
In an effort to safeguard people from bad actors, the Online Dating Safety Act of 2023 was introduced. Its purpose is “To require online dating service providers to provide fraud ban notifications to online dating service members, and for other purposes.” This is a good direction for the industry.
Best Practices to Protect Yourself.
Verify. While it is fun meeting new people, take your time to get to know them. Hackers are in it for the long haul to piece together details to social engineer you. Learn about your new connections, check their digital footprint. You can easily do a search on someone to confirm their work, location, images. Always do a reverse image search if you have their photo. Premature familiarity is something you want to avoid to prevent a cyber attack.
Be Careful What You Share. Your private information is invaluable to you, and unfortunately, a hot commodity amongst bad actors. We’ve seen many online apps get hacked, exposing personal data and photos. And don’t forget, your photos and selfies may reveal more facts about you than you wanted – like a photo of you with your work ID.
Be Aware. Know the latest scams and techniques out there. Download these security awareness posters to help you keep aware.
Social Engineering. Keeping connected in a time of social distancing is tricky. Validate your network controls are effective with penetration testing as your online network grows.
Do Not Follow. If your new friend wants to continue chatting on another app like Telegram, stay away. Keep on your dating app to chat, as apps are leveraging technology to detect and warm users of ‘fake’ profiles based on what the profile details and what it says.
Good to Know
Here are a few key terms and references to know before you give them a key to your heart.
CATFISH Creating a false personal profile on a social networking or dating site for fraudulent or deceptive purposes. Usually involved in scamming people of funds, cryptocurrency, or giftcards.
CRYPTOROM Scam that combines romance and cryptocurrency trading by by contacting potential targets through dating apps or social media platforms.
SEXTORTION A type of scareware in which the hacker claims they have images of the target engaging in lewd sexual behavior. The attacker then threatens to share these images unless the victim pays a ransom or performs some other kind of action
SMISHING A text message designed to trick the victim into trusting a hacker. The attacker pretends to be someone the target trusts or an organization they may feel comfortable giving private information to.
SOCKPUPPET An identity created online to deceive others—a fictitious persona or alias. A sockpuppet can be used by security investigators to gather information. Hackers can use them to pretend to be someone else and trick their targets into giving up sensitive information.
TINDER SWINDLER A Netflix documentary that documents the stories of three women who were swindled of their life savings by a man, Simon Leviev, who presented himself as the son of a wealthy diamond oligarch. This scam was a complex ponzi scheme that maintained Leviev’s opulent lifestyle and set the stage for his next victims.
SOURCES: