September 2021 – In 2020, researchers at Check Point Research, the threat intelligence division of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading global cybersecurity vendor, discovered and helped patch several critical vulnerabilities in the website and mobile app of OkCupid, one of the world’s leading free online dating services with more than 50 million users in 110 countries around the world. Through these vulnerabilities, if left unaddressed, a cybercriminal could have gained access to and stolen private and sensitive information from users of the service, as well as sent messages from their profile without the person being aware of it.
The use of dating apps has been on the rise for years but, as with most things digital, it was accelerated by the pandemic. According to data company Apptopia, the top 20 dating apps gained 1.5 million daily active users in 2020. Statista reveals there are 234.1 million users worldwide in 2021, a number that is expected to increase to 276.9 million by 2024. In Spain, according to Netquest, 5% of women and 9% of men have installed Tinder, the most popular dating app, on their mobile phones.
But what are the risks that all these users expose themselves to when flirting online? Check Point Software warns of the dangers that many users of these popular apps face on a daily basis. Cyber risks that can be avoided by simply knowing what threats exist:
- From “sexting” to “sextortion”: Black Mirror predicted it and it seems to have come true. One of the greatest risks to users, who share racy photos with their dates, is the possibility of those images becoming used as blackmail for financial gain. When registering for an app, a large amount of personal information is revealed, which can also be used by cybercriminals who sign up to the app to blackmail its members.
- Malware on the prowl: a simple photograph can be the perfect hook to gain access to an entire device. One of the best techniques that cybercriminals use in dating apps is creating an attractive profile, one which every victim would want to be “matched” with. They can host any type of cyber-attack in the file sent, such as a photo, which could contain malware with spyware capable of obtaining the user’s application passwords.
- Fake romance: In dating apps, it’s common for cybercriminals to create fake profiles with images and descriptions that attract the user’s attention. Their modus operandi is to establish an interest in order to initiate a conversation with the victim. Over days, weeks or even months, the attacker gradually gains the victim’s trust and seduces him/her. A long-distance relationship is initiated. Most often, this relationship starts without the parties actually seeing each other, but there is a promise to “meet soon.” The cybercriminal asks the victim to send money “so that they can travel to meet up” or because a “serious problem” has arisen.
- Impersonation: Although these cyberattacks are most likely to target the users of these apps, there are instances when an outsider can be targeted. Any individual with someone else’s data, documents or files is capable of impersonating an identity. In fact, now that most internet users expose a lot of their data on the web, it is accessible to everyone. With this data, cybercriminals are able to create profiles pretending to be someone they are not, in order to fraudulently act for financial gain. This act can undoubtedly cause great damage to a person’s image.
- Account theft: when you go on the dark web, you will find hundreds of hacked dating app profiles available to buy at a high price. In 2016, a dating website was hacked and the data of 32 million users was stolen, including some who had already unsubscribed from its services. Data included emails, passwords and other personal account information that can be sold and used for subsequent phishing or malware cyberattacks, among others.
Tips for cyber-protection:
- Never give confidential information to third parties: any user who requests confidential information may be a cybercriminal, so it is essential that you never give out personal data in these apps to avoid running any kind of risk.
- Do not download images or files to your devices: everyone shows their photographs on these dating apps, but it is very important that they are only displayed on the application itself and are not downloaded or saved, as they could be hiding any type of cyberattack that could endanger all the documents and files on your mobile or computer.
- Do not trust, use common sense and do not rush: this is a basic premise, but sometimes the most obvious thing is the most useful. If something seems strange or does not seem very real, it is better to be suspicious. There are plenty of fish in the sea, so don’t take any needless risks.
- Check profiles on dating websites: One of the best precautions you can take is to pay attention to details and be wary of newly created profiles and/or profiles with pictures that look like an advertisement. If, in addition, that user shows too much interest or asks for too much personal information… that should ring alarm bells.
“Millions of people use dating apps or websites to meet new friends and, who knows, with any luck, find their life partner. They are very convenient for users, as they allow them to make contact quickly, easily and from anywhere. However, they do not go unnoticed by cybercriminals, who take advantage of these platforms and the confidential information they contain when looking for potential victims to scam. The best way to stay safe is to proceed with great caution and understand the steps you can take to avoid the cyber risks that you could be exposed to,” says Ian Porteous, Regional Director, Security Engineering, UK&I at Check Point Software.