Tinder users targeted by spamming bots
Posted on 02 April 2014.
Spammers are taking advantage of the popularity of the Tinder dating app to promote a game via bots posing as attractive women.

For a week now users have been complaining of getting matched with bots peddling the game in a pretty standardized way: after saying hello, the bot asks the user how he's doing and immediately offers: “Relaxing with a game on my phone, castle clash. Have you heard about it?”

It then sends out a link to a page on the Tinderverified.com domain and ends up with "Play a bit with me and you may get my phone number :)"

The URL is a clear attempt to make users trust the link, and the attractive photos used for the bot accounts are pulled from a site of a photography studio, Bitdefender shared with Eduard Kovacs.

US users that follow the link land on the page offering the mobile Castle Clash game, and those outside the US are redirected to surveys and other scammy sites.

Internet Gaming Gate, the Chinese company that created the game, denied having anything to do with the spam campaign and said they are investigating the matter. Of course, it is entirely possible that they have hired a disreputable third party to promote the game.

Tinder has commented by saying that they are working on taking down the fake accounts.

This is not the first time that Tinder users have been targeted by bots. More than a year ago, Symantec researchers have zeroed in on a similar campaign whose goal was make users unknowingly sign up for pricy online memberships.


Chrome extension thwarts user profiling based on typing behavior

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Jul 29th