For a week now users have been complaining of getting matched with bots peddling the game in a pretty standardized way: after saying hello, the bot asks the user how he's doing and immediately offers: “Relaxing with a game on my phone, castle clash. Have you heard about it?”
It then sends out a link to a page on the Tinderverified.com domain and ends up with "Play a bit with me and you may get my phone number :)"
The URL is a clear attempt to make users trust the link, and the attractive photos used for the bot accounts are pulled from a site of a photography studio, Bitdefender shared with Eduard Kovacs.
US users that follow the link land on the page offering the mobile Castle Clash game, and those outside the US are redirected to surveys and other scammy sites.
Internet Gaming Gate, the Chinese company that created the game, denied having anything to do with the spam campaign and said they are investigating the matter. Of course, it is entirely possible that they have hired a disreputable third party to promote the game.
Tinder has commented by saying that they are working on taking down the fake accounts.
This is not the first time that Tinder users have been targeted by bots. More than a year ago, Symantec researchers have zeroed in on a similar campaign whose goal was make users unknowingly sign up for pricy online memberships.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.