Mass phishing attack launched against dating sites

Glasses of champagne People who use dating sites can be a tempting target for fraudsters

Related Stories

Fraudsters are stepping up phishing campaigns that target people who use dating websites, suggests research.

Members of, eHarmony, Zoosk, Christian Mingle and many others had received emails seeking to steal login details for the sites, said Netcraft.

The net monitoring firm said the emails had been sent from other websites, hacked to hide the senders' identity.

Stolen data would be used to befriend other users in an attempt to trick them into handing over cash, it said.

The phishing campaign against dating sites marked a departure for fraudsters, who typically preferred to target banks, said Paul Mutton, a security analyst at Netcraft who investigated the attacks.

The attacks were "massive", he said, adding that in the past week Netcraft had seen more than 100 compromised sites targeting alone.

So far, he said, it was not clear how sites were being compromised to host the scripts. Websites and servers run by individuals, small businesses, construction firms and telecom suppliers had all become unwitting hosts of the phishing tools, he added.

Mr Mutton said just one compromised site he had seen was home to about 800 short programs or scripts that targeted many different dating sites. Each script looked like it had been generated by a "kit" bought online.

"Anyone with a very basic knowledge of programming could make use of the kit," he said.

Extract cash

The scripts are used to craft phishing emails that are spammed out to potential victims.

The mails seek to trick people into entering their login names for the dating sites.

If successful, the details are passed on to the legitimate login page of a dating website and are also sent to one of 300 email addresses used by the phishing gang.

Fraudsters were keen to steal login details for accounts so they could avoid paying the charges dating sites levied before users could swap messages with other members, said Mr Mutton.

Using on-site messages the fraudsters hope to befriend others and then try to extract cash to help pay for a non-existent medical condition or to aid fictitious relatives.

Significant amounts of cash could be stolen this way, said Mr Mutton, pointing to the case of Karen and Tracy Vasseur, of Colorado, who were jailed in 2013 for stealing more than $1m (£590,000) from 374 people using dating-site scams.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories


Features & Analysis

  • Cartoon of women chatting on the metroChat wagon

    The interesting things you hear in a women-only carriage

  • Replica of a cargo boxSpecial delivery

    The man who posted himself to the other side of the world

  • Jon Sopel'Emailgate'

    Hillary gets a taste of scrutiny that lies ahead

  • Beauty contestants use selfie stick7 days quiz

    Who hasn't banned selfie sticks yet?

BBC Future

(Science Photo Library)

Nasa’s amazing airport simulator

How to train 21st Century controllers


  • A robotClick Watch

    The latest in robotics including software that can design electronics to solve problems

Try our new site and tell us what you think. Learn more
Take me there

Copyright © 2015 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.