Slashdot Mirror

← Back to Stories (view on slashdot.org)

Make a Date With Fraud

Posted by timothy on from the hey-at-least-it's-a-date dept.

Rambo Tribble (1273454) writes "Netcraft is reporting that criminals are mounting massive phishing attacks through online dating sites. The scams are numerous and target multiple sites. Actual methods range from blackmail to 419-style scams. Characteristically, fraudsters hijack an existing account on one of the services, then use that as a portal to deliver a PHP script to compromise the site. 'The latest attacks make use of a phishing kit which contains hundreds of PHP scripts, configured to send stolen credentials to more than 300 distinct email addresses.' The BBC offers additional insights ."

61 comments

  1. Online dating losing market share by xenoc_1 · · Score: 0

    Netcraft confirms it.

    1. Re:Online dating losing market share by Anonymous Coward · · Score: 1

      You can catch a virus from on-line dating.

    2. Re:Online dating losing market share by Raseri · · Score: 0

      In before "Netcraft confirms --"

      Well, fuck.

      --
      Writhe your naked ass to the mindless groove.
  2. That explains it by Nidi62 · · Score: 5, Funny

    I wondered why my date had me show up with a $50,000 money order......

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    1. Re:That explains it by Anonymous Coward · · Score: 0

      She probably only showed you pictures of her face, too. Pictures that were 5 years old.

    2. Re:That explains it by TapeCutter · · Score: 1

      The money didn't upset me, it was the fraudulent photos they use as bait.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    3. Re:That explains it by Anonymous Coward · · Score: 0

      Did you check her Open Sores profile first?

      [url]https://www.youtube.com/watch?v=8ZNfJqFuIw8[/url]

    4. Re:That explains it by Anonymous Coward · · Score: 0

      She saw your selfie. I'd have demanded $50,000 for a date, too.

  3. In other words: Date-site security sucks... by gweihir · · Score: 4, Insightful

    Nothing surprising here, the date sites are just attacked because the operators are to dumb do make their site secure and there are a lot of people there. Any other type of site with the same characteristics is equally a target, the connection to "dating" is pure coincidence.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:In other words: Date-site security sucks... by Anonymous Coward · · Score: 1

      This comes as no surprise as most 'legitimate' dating sites are scams anyway.

    2. Re:In other words: Date-site security sucks... by Anonymous Coward · · Score: 1

      Operators are not dumb, management is cheap and they want everything done 5 hours ago. I know.

    3. Re:In other words: Date-site security sucks... by rHBa · · Score: 2

      If you read the Netcraft article you'll see that the summary is wrong. All it is is a phishing kit that's hosted on some other compromised server.

      It's nothing to do with the dating site's security, more to do with the tech savy of their users.

    4. Re:In other words: Date-site security sucks... by gweihir · · Score: 1

      From my experience, it is a combination of dumb operators and dumb management in most places. Finding either competent operators or competent management but not the other is exceedingly rare.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:In other words: Date-site security sucks... by ortiooo · · Score: 1

      These sites get attacked partly because users of dating sites usually have dumb passwords... And I always say to this: passwords should make way for 2FA! It seems difficult for a common user, but in fact 2FA world’s most convenient authentication method

  4. Target audience. by xxxJonBoyxxx · · Score: 4, Funny

    Hmmm...posted to SlashDot...on a Friday night.

    1. Re:Target audience. by Anonymous Coward · · Score: 0

      Same thing we do every Friday Night, JonBoy, try to Find A Date!

    2. Re:Target audience. by Anonymous Coward · · Score: 0, Funny

      Off Already, such an unconventional name! Would date.

    3. Re:Target audience. by TapeCutter · · Score: 0

      Hmmm....it was posted Saturday morning in Oz.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    4. Re:Target audience. by Anonymous Coward · · Score: 0

      No it was definitely posted on Friday night to Slashdot, you're reading it on Saturday morning in Oz.

    5. Re:Target audience. by The+New+Guy+2.0 · · Score: 1

      Right night to post a dating alert... if you don't have a steady girlfriend, how are you going to meet her? The best way is to find the people you deal with too much... you know, like somebody who helps you too much at your favorite store or restaurant.

    6. Re:Target audience. by Anonymous Coward · · Score: 0

      Nobody ever talks to me, insensitive clod!

  5. Parasite Entry? by LifesABeach · · Score: 4, Interesting

    Looking at the code provided by NetCraft, and RTFA, it looks like a bogus php $_post transaction is sent to a php web service? So if the web service doesn't verify the inputs, then that would be an entry point where a script vectors in? I guess the real question is, "How to prevent a PHP script being executed when it is being read in as an $_post element? Another question is, "What command sequence causes this?"

    1. Re:Parasite Entry? by rHBa · · Score: 1

      How to prevent a PHP script being executed when it is being read in as an $_post element?

      Simple, don't:

      <?php
      eval($_POST['unvalidated_user_data']);
      ?>

      (in fact don't eval at all, if you need eval you're usually doing something wrong)

      Having RTFA, I interpreted it slightly differently. I think the supplied PHP code is uploaded to another, previously compromised server and it is used to send out phishing emails.

      The unwary user then enters their login details on the compromised server (or if they are using an email client that displays HTML forms(!), within the email) the data is then sent to the compromised server which forwards it on to the script kiddie. The user is then redirected to the real login page along with their POST data so when they arrive there they are automatically logged in, none the wiser...

    2. Re:Parasite Entry? by Antique+Geekmeister · · Score: 2

      And of course, XKCD has an excellent cartoon about just this sort of problem:

                    http://xkcd.com/327/

      It looks like little Bobby "Tables" has grown up, discovered herself, and changed her name and gender to Roberta "PHP".:

               

  6. So it's.... by Hsien-Ko · · Score: 4, Funny

    catphishing?

  7. Misleading title by charlesbakerharris · · Score: 2

    At first blush, I figured "Make a Date With Fraud" meant someone had set up an entire dating service designed to introduce people to, well, me. A bit sad to see it wasn't that, honestly.

    1. Re:Misleading title by MightyMartian · · Score: 1

      That would have been a much better article.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:Misleading title by charlesbakerharris · · Score: 1

      Great comeback, kid. Good try. Good effort.

  8. Is It Just Me? by Anonymous Coward · · Score: 1

    Anyone else misread the headline as "Make a Date With Freud"?
    What does this say about the relationship with my mother?

  9. No mention of Windows by Anonymous Coward · · Score: 0

    Can any of these exploits run without the presence of Microsoft Windows?

    1. Re:No mention of Windows by rHBa · · Score: 1

      Seeing as it's just a phishing kit that runs on any PHP enabled server, no, only Windows users are a prerequisite, not the OS itself. (Also an email client that displays functional HTML forms helps).

  10. Re:selfies or it didn't happen by Anonymous Coward · · Score: 1

    Sure, please show us where to go to start finding dates. You go to a bar, you get barflies (pick your STD.)

  11. Anything good ... by jklovanc · · Score: 2, Insightful

    Anything good can also be used for bad. If we don't do things because it could end up being use for bad then we don't do anything.

  12. Scammers always looking for a target by GoodNewsJimDotCom · · Score: 0

    Scammers are some of the scum of the Earth because they think it is okay to do evil to their fellow man if it benefits them monetarily.

    I used to use dating sites. Laugh it up, you're allowed. I lost a true love to stupidity once. Anyway in the process of using dating sites for 3 years, I would only get about a 1/70 ratio of people I message. One girl came on strong with a pet nam and I was a little worried, but hey I'll talk with whoev until it gets weird. Anyway it culminates with her being stuck in the UK and no way to get a plane ticket to the states unless I sent her money. I called her out that this sounds like a scam, and that was the last I ever heard from her.

    Anyway, one of the reasons for me stopping to use dating sites is that if God has someone for me, he'll hook me up, otherwise, I can work my butt off and have more to help the poor. There's more to life than just getting married and raising kids, though that is a cool part of it.

    --
    God spoke to me
    1. Re:Scammers always looking for a target by Anonymous Coward · · Score: 2, Funny

      What if God has someone for you and created online dating sites to hook you up?

    2. Re:Scammers always looking for a target by GoodNewsJimDotCom · · Score: 1

      That's a possibility, but I'm just done with them for now at least.

      --
      God spoke to me
    3. Re:Scammers always looking for a target by Swave+An+deBwoner · · Score: 1

      He is not going to like that.

    4. Re:Scammers always looking for a target by GoodNewsJimDotCom · · Score: 1

      Well He's God, He saw it coming. He isn't surprised.

      --
      God spoke to me
    5. Re:Scammers always looking for a target by Anonymous Coward · · Score: 0

      How did a troll like you manage to get the privilege of +2 posting?

      roman_mir would probably pay you for some lessons.

    6. Re:Scammers always looking for a target by Haoie · · Score: 1

      1/70? Ouch.

      Call it hindsight but maybe you should've been more selective in who to contact. You may have been writing to all the wrong people who have nothing in common with you.

      Good luck for the future.

      --
      If each mistake being made is a new one, then progress is being made.
    7. Re:Scammers always looking for a target by nukenerd · · Score: 3, Interesting

      Anyway in the process of using dating sites for 3 years, I would only get about a 1/70 ratio of people I message.

      Is that 1 in 70 reply, 1 in 70 you meet, or 1 in 70 you get to do whatever? I was in a dating club (pre-internet - it was letter based). Got about 25% replies, met about 5%, further dates with about 2%, went steady (as it was called, not the same as a LTR) with 1%, married 0.2%.

      Someone said you should have been more selective in who to contact. I started that way, looking for certain personalities, but got very few replies; then I just wrote to all that were in a 5 year age bracket and not taller than me (there were no photos in that club). Suprisingly, I got on very well with girls who were quite opposite to me - dimmer and more outgoing, including an ex- Bunny Girl (not as exciting as you might think). FWIW I was mentally stable, not nerdy, quite well off, and not all that bad looking - which is assumed to be what girls look for, but it cetainly isn't, not these days anyway.

      one of the reasons for me stopping to use dating sites is that if God has someone for me, he'll hook me up

      I never met any girl outside of dating clubs, and by "met" I mean to have a social conversation > 10 seconds. It remains a mystery to me how people meet each other any other way.

    8. Re:Scammers always looking for a target by Anonymous Coward · · Score: 0

      if God has someone for me, he'll hook me up

      God gave you legs so you can move your own ass around. If you're waiting for God to hand-deliver something you're going to die without it.

    9. Re:Scammers always looking for a target by Anonymous Coward · · Score: 0

      > Got about 25% replies

      Bullshit. As someone that has done online dating since 1989 on IRC and has worked for three of the larger online dating sites, that is complete and utter bullshit. I have my messages honed to a fine edge from decades of refinements, and I've learned from looking at thousands of messages sent from the most successful men on these sites. I only have about a 0.75% response rate. The last guy's account I looked at that had the highest response rate because he looked like Eric Bana and is CEO of a Fortune 1,000 company, had less than one fifth of your claimed response rate. You're absolutely full of shit. You're not going to find 25% of a random sampling of women that are interested in men and go to the trouble to reply, much less 25% that will reply to the same person. As OkCupid proved (http://blog.okcupid.com/index.php/your-looks-and-online-dating/), only 20% of women find men on onine dating sites attractive. The odds that one of those 20% logged back into read your message, liked it, and spent the time to reply are not 125% like you claim. That's impossible.

      > met about 5%

      Again, bullshit. There are some days I've sent more than a hundred messages. Again, I've done this for twenty-five years. As a wild guess, I've contacted 60,000 women over the years, and I've only met one in person. That's a 0.00167% success rate. Your claim is that you are almost 3,000 times more effective? Complete and utter bullshit. I might believe five times more because I've lived in Seattle for twenty years, and the women here are simply not interested in men. I don't have a single straight friend or coworker here that I know that has been on a date.

      > further dates with about 2%

      So you claim a second date 40% of the time after the first. That seems unlikely. Several surveys I've seen put that number at 5% so you're claiming to be eight times more effective than the average guy.

      > went steady with 1%

      So your claim is that half of the time you can get a second date that you have a long term relationship? Again, unlikely.

      It sounds as if you are shilling for dating sites. We are an order of magnitude worse than what you describe for even the best looking guys.

    10. Re:Scammers always looking for a target by Anonymous Coward · · Score: 0

      I've contacted 60,000 women...

      Impressive. I keep up with my contacts in a spreadsheet, and I only have 10k contacts and have worked very hard for many years. I kept track of every contact because I wanted to run correlation coefficients to find what worked. Since I haven't met a single girl yet from a dating site, I don't have any way of figuring-out what works! All of my hard work tracking has been useless. It's depressing.

      And, to the GP: you're a full of shit wanker for trying to make us normal guys feel bad. The 25% reply rate is fucking ridiculous. If you had gone with 2.5% you would have been more believable and be more effective at your goal of making us feel bad.

    11. Re:Scammers always looking for a target by nukenerd · · Score: 1
      Wow, don't know where to start here - someone who has worked for dating sites too.

      > Got about 25% replies

      Bullshit.

      I believe you are thinking of dating websites. I was clear I was talking about my experience on letter-based dating clubs, FWIW. Maybe some difference there.

      You're not going to find 25% of a random sampling of women that are interested in men and go to the trouble to reply... As OkCupid proved only 20% of women find men on onine dating sites attractive. The odds .... are not 125% like you claim. That's impossible.

      It was not a random sample of women. They were women who by joining the scheme had expressed a wish to meet a guy, and I mostly wrote to ones sounding suitable in terms of age, attitude, culture etc. I would not have written to one eg who said they only wanted a vegetarian guy, or a guy over 6ft tall, which I am not. And presumably, women who don't find men on on-line dating sites attractive don't join on-line dating sites, so they do not enter the equation or your percentages at all.

      I've contacted 60,000 women over the years, and I've only met one in person. That's a 0.00167% success rate.

      ..and I thought my luck was bad! I know several couples in my circle who met by online dating and my circle is not a large one. They certainly did not contact 60,000 . I am in the UK, if that makes a difference.

      .. you claim a second date 40% of the time ... unlikely. Several surveys I've seen put that number at 5% so you're claiming to be eight times more effective than the average guy.

      Don't forget that by the second date we had already been through quite a filtration process - typically an exchange of 3 or 4 letters and photos on top of the basic factual details in our listings. Don't think the average guy does that.

      > went steady with 1%

      So your claim is that half of the time you can get a second date that you have a long term relationship?

      No, I did not claim that. A LTR means living like in marriage, usually co-habiting and with routine sex. I only claimed I "went steady". Does the term no longer exist? It means a friendship such that neither of us were looking for a relationship elsewhere at the time, were seeing each other only once or twice a week, and were not necessarily having sex together yet.

      Strange attitude that only about 20% of women find men on onine dating sites attractive. I have come across many things thay make people unattractive - bad breath, bad complexion, bad teeth, bad attitude, poor figure, limp personality .... but being a member of a dating club ??? WTF has that got to do with attractiveness? Is there an assumption that you must be unattractive to be in a dating club? Not what I found, the girls I met had joined out of circumstances - like me, for one reason or another, they never met anyone of the opposite sex of similar age and unattached. Some I met were extremely attractive, although I met some ugly ones too; typical cross-section really.

    12. Re:Scammers always looking for a target by Anonymous Coward · · Score: 0

      I never met any girl outside of dating clubs, and by "met" I mean to have a social conversation > 10 seconds. It remains a mystery to me how people meet each other any other way.

      Learn to dance. You get 2-3 minutes to talk with her, so long as the music isn't too loud.

      DJs with dance experience play music at reasonable levels. Live bands rarely do, since the average musician can't figure out how to operate a sound level meter and is too deaf to know what a reasonable sound level is. So avoid the bands unless you like poor odds.

  13. Not the only danger. by Anonymous Coward · · Score: 0

    It is unclear whether a successful date may end up eventually costing you more than a phish. E.g., phishing has never caused alimony or STDs.

  14. Anything good ... by Anonymous Coward · · Score: 0

    This. I've just transferred $25k to this Nigerian princess I met on a dating site and as soon as the bank clears it I'll be rich.

  15. heh - this reminds me of my brief time on myspace by Anonymous Coward · · Score: 0

    shortly after I started an account, I got a friend request or whatever they called it from an unbelievably good looking young woman. On a scale of 1-10, she was a 12.

    I replied to her asking if she was for real.....she never responded.

        I'm still a bit curious about what the scam would have been though. Would she have met with me and just asked me to loan her money that she would never pay back? Could it have been something else? I dunno.

    I also got a letter from a Nigerian prince. He seems very sincere.

  16. Re:selfies or it didn't happen by nukenerd · · Score: 2

    Dating sites, where you go when you want to be judged by your selfies. Looking to meet someone with similar interests? Look elsewhere, loser.

    Here we go : cue posts saying "My mother told me never to trust anyone I meet on a dating website".

    Here's some more helpful advice :-

    Never trust anyone you meet in a bar
    Never trust anyone you meet in a theatre
    Never trust anyone you meet at a party
    Never trust anyone you meet in the street
    Never trust anyone you meet on holiday
    Never trust anyone you meet if arraged by a friend
    Never trust anyone unless you already knew them before you were born

    Perhaps you would like to advise us where this "elsewhere" is exactly, I never found it. Do you know, when you actually meet someone (whether through internet dating or "elsewhere") you get to see what they actually look like anyway? If they look like Jo Brand (and that's not your thing), or they ask for money (and that's not your thing either) you walk away.

  17. Re: selfies or it didn't happen by speedc0re · · Score: 0

    I would trust any random woman I met online more than I trust my ex wife.

  18. So the sites aren't fraud themselves? by Anonymous Coward · · Score: 0

    I've always read that the sites themselves are fraud, having employees contact people just before their paid subscriptions end to make them think someone is interested and extend their subscriptions.

  19. Mail-Order Brides by Anonymous Coward · · Score: 0

    It seemed that every time I used a dating site, the only women that would message me were foreigners looking for a U.S. citizen to ship them over here and marry them.

  20. Plan B by DoofusOfDeath · · Score: 1

    If you can't make a date with fraud, you should at least shake hands with danger.

    (One of the funnier RiffTrax imho. Worth the purchase price.)

  21. Re:selfies or it didn't happen by Average · · Score: 1

    "Never trust" is an exaggeration. It's not a binary.

    "Never trust anyone you meet at a party" is a very weak, nearly joking, version of 'never trust' Date them, but don't immediately trust them.

    "Never trust some klatch of Ghanaian scammers who you've never actually met in person so much that you send them your entire life's savings and in fact go wildly into debt sending them more money" (as is the advice my uncle got repeatedly and ignored repeatedly) is a much stronger version of 'never trust'.

    - can't fix stupid
    -- but stupid eventually runs out of money (and credit)

  22. Re: selfies or it didn't happen by Optali · · Score: 1

    Another useful tip: Never get high on your own supply

    --
    -- 29A the number of the Beast