Sample dating profile message
Profiles with specific job titles naturally attracted more attention.
We also employed a few house rules for our research—play hard to get, but be open-minded: The goal was to familiarize ourselves to the quirks of each online dating network.
We also set up profiles that, while looking as genuine as possible, would not overly appeal to normal users but entice attackers based on the profile’s profession.
That let us establish a baseline for several locations and see if there were any active attacks in those areas.
The honeyprofiles were created with specific areas of potential interest: medical admins near hospitals, military personnel near bases, etc.
They arrived just fine and weren’t flagged as malicious.
With a little bit of social engineering, it’s easy enough to dupe the user into clicking on a link.
To bear out the risks, we delved into various online dating networks, which initially included Tinder, Plenty of Fish, Jdate, OKCupid, Grindr, Coffee meets Bagel, and Love Struck.
The first stage of our research seeks to answer these main questions: In almost all of the online dating networks we explored, we found that if we were looking for a target we knew had a profile, it was easy to find them.
They could also use an exploit kit, but since most use dating apps on mobile devices, this is somewhat more difficult.