Slashdot Mirror

← Back to Stories (view on slashdot.org)

Make a Date With Fraud

Posted by timothy on from the hey-at-least-it's-a-date dept.

Rambo Tribble (1273454) writes "Netcraft is reporting that criminals are mounting massive phishing attacks through online dating sites. The scams are numerous and target multiple sites. Actual methods range from blackmail to 419-style scams. Characteristically, fraudsters hijack an existing account on one of the services, then use that as a portal to deliver a PHP script to compromise the site. 'The latest attacks make use of a phishing kit which contains hundreds of PHP scripts, configured to send stolen credentials to more than 300 distinct email addresses.' The BBC offers additional insights ."

33 of 61 comments (clear)

  1. That explains it by Nidi62 · · Score: 5, Funny

    I wondered why my date had me show up with a $50,000 money order......

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    1. Re:That explains it by TapeCutter · · Score: 1

      The money didn't upset me, it was the fraudulent photos they use as bait.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
  2. Re:Online dating losing market share by Anonymous Coward · · Score: 1

    You can catch a virus from on-line dating.

  3. In other words: Date-site security sucks... by gweihir · · Score: 4, Insightful

    Nothing surprising here, the date sites are just attacked because the operators are to dumb do make their site secure and there are a lot of people there. Any other type of site with the same characteristics is equally a target, the connection to "dating" is pure coincidence.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:In other words: Date-site security sucks... by Anonymous Coward · · Score: 1

      This comes as no surprise as most 'legitimate' dating sites are scams anyway.

    2. Re:In other words: Date-site security sucks... by Anonymous Coward · · Score: 1

      Operators are not dumb, management is cheap and they want everything done 5 hours ago. I know.

    3. Re:In other words: Date-site security sucks... by rHBa · · Score: 2

      If you read the Netcraft article you'll see that the summary is wrong. All it is is a phishing kit that's hosted on some other compromised server.

      It's nothing to do with the dating site's security, more to do with the tech savy of their users.

    4. Re:In other words: Date-site security sucks... by gweihir · · Score: 1

      From my experience, it is a combination of dumb operators and dumb management in most places. Finding either competent operators or competent management but not the other is exceedingly rare.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:In other words: Date-site security sucks... by ortiooo · · Score: 1

      These sites get attacked partly because users of dating sites usually have dumb passwords... And I always say to this: passwords should make way for 2FA! It seems difficult for a common user, but in fact 2FA world’s most convenient authentication method

  4. Target audience. by xxxJonBoyxxx · · Score: 4, Funny

    Hmmm...posted to SlashDot...on a Friday night.

    1. Re:Target audience. by The+New+Guy+2.0 · · Score: 1

      Right night to post a dating alert... if you don't have a steady girlfriend, how are you going to meet her? The best way is to find the people you deal with too much... you know, like somebody who helps you too much at your favorite store or restaurant.

  5. Parasite Entry? by LifesABeach · · Score: 4, Interesting

    Looking at the code provided by NetCraft, and RTFA, it looks like a bogus php $_post transaction is sent to a php web service? So if the web service doesn't verify the inputs, then that would be an entry point where a script vectors in? I guess the real question is, "How to prevent a PHP script being executed when it is being read in as an $_post element? Another question is, "What command sequence causes this?"

    1. Re:Parasite Entry? by rHBa · · Score: 1

      How to prevent a PHP script being executed when it is being read in as an $_post element?

      Simple, don't:

      <?php
      eval($_POST['unvalidated_user_data']);
      ?>

      (in fact don't eval at all, if you need eval you're usually doing something wrong)

      Having RTFA, I interpreted it slightly differently. I think the supplied PHP code is uploaded to another, previously compromised server and it is used to send out phishing emails.

      The unwary user then enters their login details on the compromised server (or if they are using an email client that displays HTML forms(!), within the email) the data is then sent to the compromised server which forwards it on to the script kiddie. The user is then redirected to the real login page along with their POST data so when they arrive there they are automatically logged in, none the wiser...

    2. Re:Parasite Entry? by Antique+Geekmeister · · Score: 2

      And of course, XKCD has an excellent cartoon about just this sort of problem:

                    http://xkcd.com/327/

      It looks like little Bobby "Tables" has grown up, discovered herself, and changed her name and gender to Roberta "PHP".:

               

  6. So it's.... by Hsien-Ko · · Score: 4, Funny

    catphishing?

  7. Misleading title by charlesbakerharris · · Score: 2

    At first blush, I figured "Make a Date With Fraud" meant someone had set up an entire dating service designed to introduce people to, well, me. A bit sad to see it wasn't that, honestly.

    1. Re:Misleading title by MightyMartian · · Score: 1

      That would have been a much better article.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:Misleading title by charlesbakerharris · · Score: 1

      Great comeback, kid. Good try. Good effort.

  8. Is It Just Me? by Anonymous Coward · · Score: 1

    Anyone else misread the headline as "Make a Date With Freud"?
    What does this say about the relationship with my mother?

  9. Re:selfies or it didn't happen by Anonymous Coward · · Score: 1

    Sure, please show us where to go to start finding dates. You go to a bar, you get barflies (pick your STD.)

  10. Anything good ... by jklovanc · · Score: 2, Insightful

    Anything good can also be used for bad. If we don't do things because it could end up being use for bad then we don't do anything.

  11. Re:Scammers always looking for a target by Anonymous Coward · · Score: 2, Funny

    What if God has someone for you and created online dating sites to hook you up?

  12. Re:Scammers always looking for a target by GoodNewsJimDotCom · · Score: 1

    That's a possibility, but I'm just done with them for now at least.

    --
    God spoke to me
  13. Re:Scammers always looking for a target by Swave+An+deBwoner · · Score: 1

    He is not going to like that.

  14. Re:Scammers always looking for a target by GoodNewsJimDotCom · · Score: 1

    Well He's God, He saw it coming. He isn't surprised.

    --
    God spoke to me
  15. Re:Scammers always looking for a target by Haoie · · Score: 1

    1/70? Ouch.

    Call it hindsight but maybe you should've been more selective in who to contact. You may have been writing to all the wrong people who have nothing in common with you.

    Good luck for the future.

    --
    If each mistake being made is a new one, then progress is being made.
  16. Re:selfies or it didn't happen by nukenerd · · Score: 2

    Dating sites, where you go when you want to be judged by your selfies. Looking to meet someone with similar interests? Look elsewhere, loser.

    Here we go : cue posts saying "My mother told me never to trust anyone I meet on a dating website".

    Here's some more helpful advice :-

    Never trust anyone you meet in a bar
    Never trust anyone you meet in a theatre
    Never trust anyone you meet at a party
    Never trust anyone you meet in the street
    Never trust anyone you meet on holiday
    Never trust anyone you meet if arraged by a friend
    Never trust anyone unless you already knew them before you were born

    Perhaps you would like to advise us where this "elsewhere" is exactly, I never found it. Do you know, when you actually meet someone (whether through internet dating or "elsewhere") you get to see what they actually look like anyway? If they look like Jo Brand (and that's not your thing), or they ask for money (and that's not your thing either) you walk away.

  17. Re:Scammers always looking for a target by nukenerd · · Score: 3, Interesting

    Anyway in the process of using dating sites for 3 years, I would only get about a 1/70 ratio of people I message.

    Is that 1 in 70 reply, 1 in 70 you meet, or 1 in 70 you get to do whatever? I was in a dating club (pre-internet - it was letter based). Got about 25% replies, met about 5%, further dates with about 2%, went steady (as it was called, not the same as a LTR) with 1%, married 0.2%.

    Someone said you should have been more selective in who to contact. I started that way, looking for certain personalities, but got very few replies; then I just wrote to all that were in a 5 year age bracket and not taller than me (there were no photos in that club). Suprisingly, I got on very well with girls who were quite opposite to me - dimmer and more outgoing, including an ex- Bunny Girl (not as exciting as you might think). FWIW I was mentally stable, not nerdy, quite well off, and not all that bad looking - which is assumed to be what girls look for, but it cetainly isn't, not these days anyway.

    one of the reasons for me stopping to use dating sites is that if God has someone for me, he'll hook me up

    I never met any girl outside of dating clubs, and by "met" I mean to have a social conversation > 10 seconds. It remains a mystery to me how people meet each other any other way.

  18. Re:No mention of Windows by rHBa · · Score: 1

    Seeing as it's just a phishing kit that runs on any PHP enabled server, no, only Windows users are a prerequisite, not the OS itself. (Also an email client that displays functional HTML forms helps).

  19. Re:Scammers always looking for a target by nukenerd · · Score: 1
    Wow, don't know where to start here - someone who has worked for dating sites too.

    > Got about 25% replies

    Bullshit.

    I believe you are thinking of dating websites. I was clear I was talking about my experience on letter-based dating clubs, FWIW. Maybe some difference there.

    You're not going to find 25% of a random sampling of women that are interested in men and go to the trouble to reply... As OkCupid proved only 20% of women find men on onine dating sites attractive. The odds .... are not 125% like you claim. That's impossible.

    It was not a random sample of women. They were women who by joining the scheme had expressed a wish to meet a guy, and I mostly wrote to ones sounding suitable in terms of age, attitude, culture etc. I would not have written to one eg who said they only wanted a vegetarian guy, or a guy over 6ft tall, which I am not. And presumably, women who don't find men on on-line dating sites attractive don't join on-line dating sites, so they do not enter the equation or your percentages at all.

    I've contacted 60,000 women over the years, and I've only met one in person. That's a 0.00167% success rate.

    ..and I thought my luck was bad! I know several couples in my circle who met by online dating and my circle is not a large one. They certainly did not contact 60,000 . I am in the UK, if that makes a difference.

    .. you claim a second date 40% of the time ... unlikely. Several surveys I've seen put that number at 5% so you're claiming to be eight times more effective than the average guy.

    Don't forget that by the second date we had already been through quite a filtration process - typically an exchange of 3 or 4 letters and photos on top of the basic factual details in our listings. Don't think the average guy does that.

    > went steady with 1%

    So your claim is that half of the time you can get a second date that you have a long term relationship?

    No, I did not claim that. A LTR means living like in marriage, usually co-habiting and with routine sex. I only claimed I "went steady". Does the term no longer exist? It means a friendship such that neither of us were looking for a relationship elsewhere at the time, were seeing each other only once or twice a week, and were not necessarily having sex together yet.

    Strange attitude that only about 20% of women find men on onine dating sites attractive. I have come across many things thay make people unattractive - bad breath, bad complexion, bad teeth, bad attitude, poor figure, limp personality .... but being a member of a dating club ??? WTF has that got to do with attractiveness? Is there an assumption that you must be unattractive to be in a dating club? Not what I found, the girls I met had joined out of circumstances - like me, for one reason or another, they never met anyone of the opposite sex of similar age and unattached. Some I met were extremely attractive, although I met some ugly ones too; typical cross-section really.

  20. Plan B by DoofusOfDeath · · Score: 1

    If you can't make a date with fraud, you should at least shake hands with danger.

    (One of the funnier RiffTrax imho. Worth the purchase price.)

  21. Re:selfies or it didn't happen by Average · · Score: 1

    "Never trust" is an exaggeration. It's not a binary.

    "Never trust anyone you meet at a party" is a very weak, nearly joking, version of 'never trust' Date them, but don't immediately trust them.

    "Never trust some klatch of Ghanaian scammers who you've never actually met in person so much that you send them your entire life's savings and in fact go wildly into debt sending them more money" (as is the advice my uncle got repeatedly and ignored repeatedly) is a much stronger version of 'never trust'.

    - can't fix stupid
    -- but stupid eventually runs out of money (and credit)

  22. Re: selfies or it didn't happen by Optali · · Score: 1

    Another useful tip: Never get high on your own supply

    --
    -- 29A the number of the Beast