Mass phishing attack launched against dating sites

Glasses of champagne People who use dating sites can be a tempting target for fraudsters

Related Stories

Fraudsters are stepping up phishing campaigns that target people who use dating websites, suggests research.

Members of Match.com, eHarmony, Zoosk, Christian Mingle and many others had received emails seeking to steal login details for the sites, said Netcraft.

The net monitoring firm said the emails had been sent from other websites, hacked to hide the senders' identity.

Stolen data would be used to befriend other users in an attempt to trick them into handing over cash, it said.

The phishing campaign against dating sites marked a departure for fraudsters, who typically preferred to target banks, said Paul Mutton, a security analyst at Netcraft who investigated the attacks.

The attacks were "massive", he said, adding that in the past week Netcraft had seen more than 100 compromised sites targeting Match.com alone.

So far, he said, it was not clear how sites were being compromised to host the scripts. Websites and servers run by individuals, small businesses, construction firms and telecom suppliers had all become unwitting hosts of the phishing tools, he added.

Mr Mutton said just one compromised site he had seen was home to about 800 short programs or scripts that targeted many different dating sites. Each script looked like it had been generated by a "kit" bought online.

"Anyone with a very basic knowledge of programming could make use of the kit," he said.

Extract cash

The scripts are used to craft phishing emails that are spammed out to potential victims.

The mails seek to trick people into entering their login names for the dating sites.

If successful, the details are passed on to the legitimate login page of a dating website and are also sent to one of 300 email addresses used by the phishing gang.

Fraudsters were keen to steal login details for accounts so they could avoid paying the charges dating sites levied before users could swap messages with other members, said Mr Mutton.

Using on-site messages the fraudsters hope to befriend others and then try to extract cash to help pay for a non-existent medical condition or to aid fictitious relatives.

Significant amounts of cash could be stolen this way, said Mr Mutton, pointing to the case of Karen and Tracy Vasseur, of Colorado, who were jailed in 2013 for stealing more than $1m (£590,000) from 374 people using dating-site scams.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

  • Cerro RicoSatanic mines

    Devil worship in the tunnels of the man-eating mountain


  • Nefertiti MenoeWar of words

    The woman who sparked a row over 'speaking white'


  • Oil pumpPump change

    What would ending the US oil export ban do to petrol prices?


  • Brazilian Scene, Ceara, in 1893Sir Snapshot

    19th Century Brazil seen through the eyes of an Englishman


BBC Future

(Getty Images)

The goggles that make you nicer

The day virtual reality changed me Read more...

Programmes

  • European Union's anti-terrorism chief Gilles de KerchoveHARDtalk Watch

    Anti-terrorism chief Gilles de Kerchove on the threat from returning Islamic State fighters

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.