Fraudsters are running dedicated phishing campaigns targeting members of online dating sites, say net monitoring firm Netcraft [23 June 2014]

Fraudsters launch mass phishing attacks against online dating website members. Account holders of Match.com, eHarmony, Zoosk, Plenty of Fish and Christian Mingle and many others have received an increase in phishing emails designed to steal login details said the company.

The emails had been sent from other websites, hacked by cybercriminals to hide the senders’ identity.

The company who analysed the attacks said the phishing campaign against dating sites marked a departure for fraudsters, who typically preferred to target banks.

Fraudsters want genuine accounts

Online dating fraud is often orchestrated by criminal gangs who use fake profiles to trick victims into developing long distance relationships. Once the fraudsters have gathered enough sympathy and trust from a victim, they will exploit this by claiming they need money to pay for travel costs, or to afford medical treatment for a family member. After the money has been stolen, the criminals will make up further reasons why they need more money. In some cases, the fraudsters blackmail their victim into sending money – if the victim has sent any explicit photos or videos to the criminals, they may threaten to send them to the victim’s friends and family.

The amount of money involved in these scams can be considerable. In 2011, a woman in Britain was tricked into sending more than $59,000 to a pair of fraudsters who pretended to have inherited millions of dollars from a military friend in Nigeria. The fraudsters – who were actually a mother and daughter in America – managed to net more than a million dollars before being jailed in 2013.

While many online dating sites take measures to identify fake profiles, phishing for genuine established accounts gives fraudsters the edge.

Some dating sites only allow messages to be exchanged with other users after a subscription fee has been paid; by compromising existing paid accounts, the fraudsters can reduce their traceability by avoiding the need to make payments.

Once the fraudsters get hold of your login information it can be used to befriend other users. Using the dating websites messaging system the fraudsters build sympathy and gather trust from victims and exploit this by claiming they need money to pay for travel costs, or to afford medical treatment for a family member.

You should always be careful about the information you share with anyone you meet online. This not only includes credit card details and where you bank, but also your pets’ names or your mother’s maiden name, as these could be used against you to access financial information.

If you think a profile is fake, check the website for details and report it.