Bob likes movies on rainy days. Camping in the fall. And long, romantic walks on the beach.
Bob just sent you a message, “Hey there. I saw your profile and I think we have a lot in common. Take a look at my profile and let’s talk!”
Sure enough. You do have a lot in common. You both own cats. You are both foodies who enjoy trying new restaurants and cooking. You both like city living but also love camping. His collection of Harry Potter paraphernalia rivals your own. You and Bob are a good match.
So should you meet Bob?
This is a common scenario in the growing market of online dating, a market that 15 percent of the U.S. population—47 million people—have joined. When you consider there are an estimated 54 million single people, you begin to understand the scope of things. It’s essentially social media with a “hookup” theme. And where social media is concerned, where profiles are concerned, your security is a concern.
You already know connecting with a total stranger on the internet and eventually meeting them in person comes with major security risks. But you can protect yourself by following a few simple rules:
- Google the person’s name and reverse image search any photos available. Verification is key.
- Voice chat multiple times before meeting. Messaging is a convenient way to get to know each other but it’s important to hear their voice.
- When it’s time, meet during the day at a public location.
- Inform a friend or family member when and where you are meeting, and have that person be in the area if possible.
- Provide your own transportation.
That’s a good starting point to general security, physically speaking. But online dating is also a breeding ground for cyber attacks. Remember, 47 million people have set up some sort of online profile through various dating sites in the U.S. alone. Where they might see a convenient way of meeting other potential daters, cybercriminals see 47 million potential victims.
Let’s get back to Bob, your positive match who happens to have an attractive profile picture.
The conversation has started. You are now texting, emailing and talking regularly. His profile says he lives just an hour away, but he’s out of town on international business for a few weeks (he has a really good job training IT personnel at data centers).
Bob is charming. Bob seems to know exactly what to say and when to say it. He also seems to be available to chat anytime, but the job he is out of town for is going to take longer than expected, preventing the two of you from meeting.
The conversation goes on. You exchange tons of personal details over the course of several weeks and the next thing you know, you’re infatuated with Bob. And finally, he sends you his travel itinerary. Good news! He lands in a few days. You’ll finally get to meet the man behind the profile.
Unfortunately, Bob never shows. Instead, you get a desperate message from him claiming that he was robbed. He assures you he’s otherwise fine but needs money to buy a new plane ticket since all of his credit cards are now gone.
It’s the oldest trick in the book. You know the one; you get an email from someone begging for money due to a state of emergency. Or a rich uncle that needs a small payment upfront to give you your share of a previously unknown inheritance.
In the world of online dating, it’s called a romance scam (or confidence scam). Criminals use catfishing to gain the trust of their victims and launch a malicious campaign in hopes of financial return. The FBI reports that there were more than $82 million in victim losses in the last half of 2014 alone. You may have even heard of “Amy”, a woman in her late 50s who was conned out of nearly $300,000.
It’s an ongoing scam with an unfortunate history of success. But the Amy example is an extreme one. Cyber security isn’t about just not sending money to strangers. That much should be obvious (sorry, Bob). It’s also about what you share, where you share it and whom you share it with.
Romance scams take a lot of work and require a fairly sizable investment in time. Your personally identifiable information, on the other hand, is much more convenient.
Online dating sites are easy and inexpensive for anyone to join. Once you’re in, you can dig through profiles of millions of users, some of which throw every little bit of information about themselves out there without much regard for their safety.
Actual search criteria on a popular dating site.
Worse, after meeting someone of interest, users are easily convinced to move their conversations away from the dating site to a personal email account. Can you guess what happens next? Malware, of course. The people in question trust whatever is being sent to them, because it’s coming from someone they ‘like’, someone who, they think, ‘likes’ them back. So they’ll download any attachments and click on any shortened URL, which opens the door for an intrusion, giving the criminal access to all of their victim’s information.
Furthermore, the dating sites themselves are a target. We all remember the Ashley Madison data breach. But less infamous and just as dangerous are the malware attacks on Match.com and Plenty of Fish. In this situation, criminals used “malvertising”—online ads that spread malware. Trust me when I tell you that these are not the Trojans you’re looking for.
It’s all about practicing safe (Info)Secs
Sharing personal information with strangers is a necessary evil of online dating. But there is a way to stay safe while also attracting a potential date.
First and foremost, learn and understand the terms of service and privacy settings of all of the websites you join.
It’s common knowledge that some dating sites sell your information. And all of them harvest personal details about you through surveys, forms and any info you give them. How else would they determine the compatibility of users? But they also exploit that info to data brokers. Take some time to read the fine print when setting up your account.
Share as little info as possible.
This is social media 101. The information you put out there is permanent. In fact, most sites don’t even remove your info even after you delete your account. As such, be careful about what you share. Keep it simple. Just the basics. Other users don’t need to know your specific address, your phone number, your full name, email address and your employment status. Keep photos to a minimum. In fact, take photos specifically for dating sites that aren’t attached to any of your social media accounts.
Keep conversations on the dating site.
There’s no need to exchange emails or friend them on any social media sites. Doing so puts not only your sensitive data at risk to a total stranger, but also the data of your family and friends.
Trust No One
Skepticism is your best friend. Per usual, if it sounds too good to be true, it is. If the person contacting you looks like a super model, chances are it’s a fake account. Even after you get to know someone, Google search them. Reverse image search their photos. Heck, run a background check. That may not seem right but it’s your security at risk.
What about Bob?
Let’s put it like this: if you send Bob money, you are definitely his type. Even if Bob was actually robbed and is telling the truth (highly unlikely) it’s not on you to bail him out. And you’ll know immediately if it’s a scam because his requests for cash will become more and more desperate.
Staying safe in the online dating market isn’t all that different than staying safe anywhere else in the cyber world. Just use common sense and stay forever skeptical.
Latest posts by Justin Bonnema (see all)
- Incident Response: Time Is Not On Your Side - April 1, 2019
- 5 Traits of Security Aware Parents - March 14, 2019
- Bad Habits of Senior Managers That Put Security of Organizations at Risk - March 1, 2019