The bots have been using fake profiles to tempt users into unwittingly clicking a dangerous link.
The profiles are designed to tempt the lonely heart with attractive photos. When the user clicks the ‘like’ button, the bot sets to work by engaging the user in an automated conversation, typically:
“Hey, how are you doing? I’m still recovering from last night :) Relaxing with a game on my phone. Have you heard about it? (website link). Play with me and you might get my phone number.”
The bots have cunningly made the website link appear legitimate by using the URL of the dating site, but once you click on the link it’s too late to do anything, and your computer is wide open to abuse from crimeware and cybercriminals.
Anti-virus company Bitdefender Labs said the Castle Clash scam was used more in the US, while in the UK users are tricked by fraudulent surveys promising shopping vouchers for Tesco and Asda.
Tinder has been quick to reassure its users: “Ensuring an authentic ecosystem has always been and will continue to be our top priority,” they said in a company statement. They went on to say that the companies mentioned in the scam, Castle Clash developer IGG and a photography studio in Arizona from which the bogus profile pictures were stolen, were also aware of the issue.
The message is clear: however lovelorn you are, be careful what you click on.