Swipe left or right, social engineering attacks await this Valentine’s Day
Cybercriminals use social engineering attacks to target the most vulnerable victims. While the collection of information is normally from the social media sites of a victim, some cybercriminals are now leveraging dating apps to get more victims.
When online dating first started more than two decades ago, many were skeptical of the idea. What initially started through emails, texting, and chat platforms soon blossomed into a whole new industry.
Today, there is a myriad of applications, both on mobile and desktop, that enables anyone to have a chance at love. By accessing user data and preferences, these apps match you with potential candidates. But this is where the problem can begin for many users.
When the COVID-19 lockdowns reduced physical meet-ups, a research report by Kaspersky also showed that18% of the 1,007 adults surveyed to represent Southeast Asia use social media mainly to find romance and the majority (76%) confirms that social media has provided them a vital connection during the global health emergency.
However, Cybercriminals and scammers are always waiting to pounce on vulnerable targets, and dating apps have been proven to be a popular platform for them. According to the report, almost one in two (45%) victims in Southeast Asia have fallen for love scams and lost money online.
For instance, in 2021, law enforcement agencies from Singapore and Malaysia worked together to track down a group specializing in romance scams. The syndicate was allegedly behind at least eight scams in both countries, including the case of a 41-year-old Singaporean woman who ended up losing a total of $28,000.
While the older generations tend to be ones falling for love scams, the younger generation is also targeted. The report showed that nearly two in five senior age group respondents admitted to losing between US$ 5000 to US$ 10,000 to love scams.
“When we were younger, we tend to be more curious and a bit more reckless. When we become older, we have a lot of time in our hands and, usually, retirement funds in our bank accounts. Cybercriminals know these realities as well as our human tendencies to be lonely and crave for the company when forced to be alone inside our houses,” said Chris Connell, Managing Director for the Asia Pacific at Kaspersky.
The problem gets more complicated as cybercriminals are also now using dating apps to learn more about their victims to potentially launch a ransomware attack on the organization they work for. Cybercriminals use social engineering attacks to get a lead to ransomware attacks on an organization.
For example, a person on a dating app shares their employment details and such. Scammers would dig out more information from them and eventually use the information to launch an attack on the company they work for without the person even realizing it.
Phishing is the most common type of social engineering
Phishing attacks occur when malicious actors send messages pretending to be a trusted person or entity. And this is very common on most online dating sites or applications. Phishing messages manipulate users into performing actions like installing a malicious file, clicking on a malicious link, or divulging sensitive information such as login credentials.
Since these attacks are specifically designed to exploit the human nature of wanting a good deal, it is extremely important to prevent these attacks from ever reaching their desired victims – because just one “wrong click” or swipe on a profile may cause tremendous damage.
Check Point Research (CPR) reported that there has been a spike in malicious activity targeting Valentine’s Day shoppers. In January 2022, CPR documented a 152% jump in domain registrations themed around Valentine’s Day, where 6% were deemed malicious. 55% of those domains were marked suspicious.
“Cybercriminals are going after Valentine’s Day shoppers intensely this year. We’ve seen a staggering 152% jump in domain registrations themed around Valentine’s Day in January, where a good amount of those domains are either malicious or suspicious. Cybercriminals are looking to take advantage of the moment. They aim to dupe shoppers into making ‘purchases’ on their sites, but it’s a decoy to steal personal information, which could lead to a whole host of problems for victims,” commented Omer Dembinsky, Data Group Manager at Check Point Software.
Despite the increased number of dating apps and services, the reality is, users need to be vigilant when using such services. Be it swiping profiles on Tinder or buying a bouquet online, these apps collect data that may be used against their real purpose.
For some, the offers and relationship opportunities may be too good to be true. However, as tempting as they may sound, users must always take extra precautions to avoid being scammed.
- DHL: Recalibrating logistics, supply chains in a post-Covid era
- Rockwell Automation is striving in SEA, with huge potential in Vietnam, Malaysia
- Data protection is vital: 85% of Singaporeans concerned about how companies use their data
- HPE delivers the world’s fastest, energy-efficient supercomputers at SC22
- Game on: iion launches ‘immersiion’