back to article Tinder porn scam: Swipe right for NOOOOOO I paid for what?

Crooks on Tinder are using online safety as a lure to trick users into unwittingly paying for adult content. Automated spam bots masquerading as Tinder users are supposedly tricking other users of the mobile dating app into visiting a malicious third-party website to “verify their profiles”. “The spam bots instruct the user …

  1. Destroy All Monsters Silver badge
    Headmaster

    Yeah, about that.

    explains Satnam Narang, senior security response manager at Symantec

    Did Symantec roll out the patches for the month-old "open door policy via antivirus" fucking-extreme-out-there-buggeration yet?

  2. Anonymous Coward
    Megaphone

    As a rule of thumb...

    When it comes to online payment never rely on links from 3rd party sources. This is what I've been teaching the people around me:

    "If you're shopping with Webshop A, then payment will only be done while you're still visiting Webshop A (and you'll be warned about redirects). If Webshop A suddenly sends you an e-mail with that really cool thing you want to buy then don't use those links. Instead: go to the website, find the stuff you want and then purchase it. It can be a drag (but think about all those other cool things you may find!) but it helps you to keep safe."

    1. Anonymous Coward
      Anonymous Coward

      Re: As a rule of thumb...

      "If you're shopping with Webshop A, then payment will only be done while you're still visiting Webshop A (and you'll be warned about redirects)."

      PayPal excluded, I assume...

      1. Dr. Mouse

        Re: As a rule of thumb...

        "If you're shopping with Webshop A, then payment will only be done while you're still visiting Webshop A (and you'll be warned about redirects)."

        PayPal excluded, I assume...

        And all the other payment gateways. It's less common than it was, but there are still sites which rely on a hosted payment page to minimise PCI exposure.

        Hell, one of my previous employers still used the "checkout" domain of their hosted ERP provider for any secure parts (checkout, payment, account management). I suspect this was to avoid paying for any decent certificates etc. but I always thought it looked rather unprofessional, and potentially scammy to the outside world.

        1. Ken Hagan Gold badge

          Re: As a rule of thumb...

          "I suspect this was to avoid paying for any decent certificates etc."

          More likely to avoid having to meet the (fairly detailed) requirements for handling payment card details. For a small company that doesn't do much business over the web, these requirements are more cost than they are worth. The downside of out-sourcing that facility to a third party is (as you've observed) the unprofessional look.

          In contrast, someone like Amazon that keeps (across independent transactions) not only your card details but the verification code, to make 1-click purchasing possible, probably has to prove that its IT security is better than the average bank.

          1. Anonymous Coward
            Anonymous Coward

            Re: As a rule of thumb...

            I think you will find that Amazon just accept the liability shift of processing the payment as "cardholder not present" and rely on their fraud detection systems.

          2. Dr. Mouse

            Re: As a rule of thumb...

            More likely to avoid having to meet the (fairly detailed) requirements for handling payment card details.

            I wan't clear. The website was hosted by the ERP provider as part of the system. There would have been no additional PCI requirements. All that would have been needed is a CNAME record and a decent SSL certificate.

        2. Crazy Operations Guy

          "rely on a hosted payment page to minimise PCI exposure."

          Not sure if PayPal supports it, but I've seen payment processors that will host a payment page for any website on their servers. It appears as a subdomain of the webshop, but is on secure PCI-compliant machines. All it takes is for a simple record to be added to the webshop's DNS and for the payment processor to cut a certificate for that subdomain (In my case, the payment processor was recognized as a trusted root CA by the big-name browsers, so it was free for them).

      2. P. Lee
        Facepalm

        Re: As a rule of thumb...

        >PayPal excluded, I assume...

        and "Verified by Visa"?

        Shock news: "Site mixing Adult content and social media is dodgy. More at 10."

      3. Dave 15

        Re: As a rule of thumb...

        Paypal is a whole different world of pain

        Used them for about 10 years to buy ebay stuff.

        Then suddenly they decided they think they need a copy of my passport... so my bank and my passport stored together on a server with heaven only knows what backdoors, security holes etc... no bloody chance.

        So now I can no longer use paypal for anything.

        Oh well, so now I can't use ebay either

        oh well

        so now both ebay and paypal have lost a customer.

        big deal for them I guess... but if others were only to follow suit it would be worth setting up something to replace them.

  3. This post has been deleted by its author

  4. Anonymous Coward
    Anonymous Coward

    I like the picture but could someone please explain what the dog has found to be excitedly splashing sand at it's balls?

    Asking for a friend.

    1. VinceH

      I'd assume hedgeporn - but he appears to be nowhere near a hedge. Is there such a thing as sandporn?

      1. Teiwaz

        sandporn?

        "Is there such a thing as sandporn?"

        Remarkably I was digging on the beach once as a kid, you what I found?

        A dead rabbit - So maybe not.

        1. allthecoolshortnamesweretaken

          Re: sandporn?

          Rule 34.

          1. Teiwaz

            Re: sandporn? Rule 34

            'War is good for business'? - So it's not the Rules Acquisition then?

            Ah, this one https://rule34.paheal.net/ - granted, I didn't uncover the entire rabbit corpse to check at the time (as I recall it was all I could do not to vomit).

            1. VinceH
              Facepalm

              Re: sandporn? Rule 34

              Wait, no, by sandporn I didn't mean porn about sand - which is what referencing Rule 34 would suggest. Hedgeporn is porn found in hedges, therefore sandporn is porn found in sand. Teiwaz seems to have understood that.

              1. Teiwaz

                Re: sandporn? Rule 34

                "Teiwaz seems to have understood that."

                (unaccountably chuffed) Yup!, thought that was obvious (hedgeporn,sandporn), I didn't understand Rule34 though, perhaps it's mistaken reference and the first google on the topic 'anything that exists, will have porn on it' - what, including coffee tables* and dead rabbits?

                * well in my case maybe, if it wasn't for the requirement to appear not a complete deviant ecchi hentai and possible danger to society.

      2. Huw D

        On the subject of hedgeporn...

        Relevant but NSFW,

        https://www.youtube.com/watch?v=AH7qdhiKZg4

    2. Teiwaz

      obviously

      "I like the picture but could someone please explain what the dog has found to be excitedly splashing sand at it's balls?"

      - Said dog is not excited, he's desperately trying dig a hole big enough to bury the credit card statements that just arrived...

    3. Displacement Activity
      Meh

      Still optional

      "excitedly splashing sand at it's balls".

      its balls.

  5. Anonymous Coward
    Anonymous Coward

    And the government still thinks it is a good idea to make us use our credit cards for age verification on any web site.

    1. phuzz Silver badge

      What could possibly go wrong?

    2. veti Silver badge
      Devil

      Nunno, clearly what we need is a government-issued identity card. Isn't that just what the Home Office has been telling us since Michael Howard's day?

  6. Bloodbeastterror

    Morons

    So after years of warnings these muppets enter not only personal details but also their ***CREDIT CARD*** number...?

    I have to say that I have zero sympathy. I won't go quite so far as to say that they deserve to be fleeced, but it's close...

  7. Dadmin
    Facepalm

    The REAL SCAM IS THAT...

    There aren't any real women on the Internet yet. Those are all men dressed as ladies. Real women are not scheduled to visit the Internet until July 2024. At that time I HIGHLY suggest that we be on our best behaviour. And put on some fucking PANTS! Jezz, guys, come ON! We can do this!

    1. Anonymous Coward
      Childcatcher

      Re: The REAL SCAM IS THAT...

      @Dadmin

      You had me so worried that I went and peeked under my wifes dress. (We met on the internet).

      Yep, shes a she.

      Buying her from her mum was the best £500 I ever spent.

      (and you all think I am joking).

      1. Baldy50

        Re: The REAL SCAM IS THAT...

        There's sex operations bud, can she reverse a car? That's a real test.

    2. Boris the Cockroach Silver badge

      Re: The REAL SCAM IS THAT...

      And just remember , any children you see on the internet are FBI agents.........

    3. PNGuinn
      Trollface

      Re: The REAL SCAM IS THAT...

      I suspect that there aren't any real men on the Internet yet either ...

  8. chivo243 Silver badge

    That's the long play scam

    "If the user does not cancel their free trials within the specified period of time, their credit card will be billed by three different adult websites for a total of US $118.76. Those directly running the ruse make money from affiliate fees from the promoted adult sites."

    How many people got caught by this? How many actually admitted to using Tinder, must be a lot to get a large enough sample to back trace the steps.

    1. Richard 12 Silver badge

      Re: That's the long play scam

      In order to cancel your have to visit the porn site's complaints office in person and fill out the requisite forms in triplicate.

      You'll find them on display in the lavatory, behind the door marked "Beware of the leopard"

  9. Magani
    Linux

    Cogit Ergo Sum of da time

    "...pictures of women dressed in lingerie ...designed to distract prospective marks from what’s really going on."

    Obviously based on the comment that males have a limited blood supply and are unable to run both their brains and their willies simultaneously.

    Penguins have enough of the vital fluid to go around

    1. TheMole

      Re: Cogit Ergo Sum of da time

      That's cos they have no willies.

  10. BinkyTheMagicPaperclip Silver badge

    Hardly a surprise, Tinder is full of bots

    Most of them refer you to a website to talk to rather than Tinder.

    Several of them try to get you off Tinder and on to Skype

    The most worrying one asked to meet up, right then, to a particular location nearby. It may have been a real person at the end of the line, but their picture was of a Russian model, so definitely fake. Not sure if that was either a prospective real life mugging/scam, or more probably asking you to send a 'deposit' of twenty quid so that you will 'definitely turn up'.

    It's pretty much essential, if it's not obvious that the user is a scammer, to use something such as Flamite so their pictures can be checked against known scammers or model pics..

    It's such an awful dating website, the algorithm has been broken recently for matching, and the app is poorly written. Unfortunately it's where the critical mass is, so it may still be worth using sometimes.

  11. D@v3

    nooope

    Being an (until recently) single man, I was curious about tinder, downloaded app.

    Step 1 - Sign in using Facebook.

    Didn't get any further than that.

  12. heyrick Silver badge

    I would say it's the oldest trick in the book, but I think distracted by the sexy practically predates language.

  13. Huw D

    Tinder

    It's a bit like Pokemon Go. Pratting about with your phone to find monsters in your vicinity.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like