It's time for a risqué subject: looking for love on the internet. With a myriad services promising chemistry-driven matches, dating game contestants have flocked to web services and apps. Despite this proliferation of new avenues, those in a particular rush to find company (in the form of 'No Strings Attached' encounters) have turned to a more familiar and less regulated referral service, Craigslist.
Unfortunately, the probabilities of communicating with another human being are astronomically low thanks to the high saturation of bots and spamming services. The fake listings are almost exclusively targeted at a male audience interested in immediate availability and promise a multiple amenities for making fantasies come true. Upon responding to the listing, the user receives several staggered responses from different 'women' (including pictures) claiming that they'd like to meet, demanding pictures in return, and stating their less-than-demanding criteria for meeting up in person.
A cybercriminal's motivation is almost exclusively monetary and this is no exception. Tapping into theprudent fear of meeting someone off of the internet for a private interaction, the user is directed to a custom 'verification site' where they are given the opportunity to prove their age and good intentions... for a fee.
As if passing themselves off as eager women weren't enough, the cybercriminals employ other social engineering tactics like claiming a variety of well-known safety and security certifications as well as mainstream media exposure.
Interestingly, while the spam emails are the same, the domains keep shutting down and being replaced by new ones, each designed with a similar template and registered under a whois privacy guarding service. These templates are being used for websites targeted at both U.S. and U.K. users.
As if paying 99 cents to arrange a non-existent meeting weren't enough, there are reports that subsequent charges are made for embarrassing subscription services in amounts far surpassing the verification fee.
Knowing that these sorts of social engineering threats are best thwarted by the user's judgment, Kaspersky Lab is committed to educating users to avoid high risk situations. There are several red flags one should look out for in this situation:
- Scams like these skirt the edge of acceptable online interactions by emulating legitimate resources like social networks, displaying fake indicators of trust like secure website logos, or even claiming mainstream acceptance through would-be endorsements from recognizable news channels.
- Similarly, users should be wary of 'bot behaviors', as in the case of email correspondences where replies are not cogent and do not flow naturally.
- Finally, while the allure of meeting new people for quick encounters may be enough for some to set their better judgment aside, providing credit card information should always be a red flag when dealing with little known services of questionable intent.
You can follow me on twitter: @juanandres_gs