To bear out the risks, we delved into various online dating networks, which initially included Tinder, Plenty of Fish, Jdate, OKCupid, Grindr, Coffee meets Bagel, and Love Struck.The first stage of our research seeks to answer these main questions: In almost all of the online dating networks we explored, we found that if we were looking for a target we knew had a profile, it was easy to find them.

It can be as vanilla as a classic phishing page for the dating app itself or the network the attacker is sending them to.

And when combined with password reuse, an attacker can gain an initial foothold into a person’s life.

They arrived just fine and weren’t flagged as malicious.

With a little bit of social engineering, it’s easy enough to dupe the user into clicking on a link.

We then created profiles in various industries across different regions.

Most dating apps limit searches to specific areas, and you have to match with someone who also ‘swiped right’ or ‘liked’ you.

Location is very potent, especially when you consider the use of Android Emulators that let you set your GPS to any place on the planet.

Location can be placed right on the target company’s address, setting the radius for matching profiles as small as possible.

With the ability to locate a target and link them back to a real identity, all the attacker needs to do is to exploit them.