Staying safe online on Valentine’s Day

Credit to Author: Christopher Boyd| Date: Tue, 14 Feb 2017 10:00:48 +0000

With Valentine’s Day rapidly approaching, love is in the air and so are Valentine’s Day security tips blogs, of which this is one. While you dash out for a last-minute purchase of flowers and a “Happy 5th Birthday” card played as a gag because they were all out of romantic ones at the store, please keep the below tips in mind if you’re browsing the aisles of popular dating sites and apps. You’re probably familiar with some of them already, and many of the below are good for all manner of online activities. In no particular order…

1. Are you in my area?

Make sure the profile you set up on a dating network doesn’t have geotagging enabled, regardless of whether you created it on a website or through an app. Some dating sites base the location you initially enter to serve up a list of possible matches within a certain radius, but they don’t display the location info on your profile – get familiar with the granular controls on the dating site’s settings and make sure you understand the differences. Many mobile apps aren’t hugely clear about “which thing does what”, so if in doubt, disable a particular feature until you can be 100% sure. As a side-note, ensure you don’t have geotagging enabled on any photographs you upload – if in doubt, use a picture from a public location away from your main residence. You can also use online tools to check what EXIF information is stored in images you want to use and remove it if needed.

You’ll find some additional practical advice in terms of real world security on the Selfie Security blog we posted a few weeks ago. You should pay particular attention to not including location specific items in your photograph(s) such as bills with your address on them.

2. Hang on to your moneybags: social engineering tactics

Scammers setting up fake profiles then asking for money is astonishingly common, and it’s all to easy to be taken to the cleaners as a result. Just like 419 scams, romance fakers often use templates – or just lazily cut and paste Bot spam to reuse for their own purposes – and fans of dating sites should get into the habit of Googling common phrases, just to see if someone else is saying the same thing. If a wave of Susan J. Fakename is posting identical romantic overtures on six different sites, you can be sure it’s time to move along.

With regard to common scam angles, watch out for anything related to:

  • Sick relatives
  • Medical emergencies
  • Lost overseas and need a plane ticket
  • Lost passport and need a visa / replacement passport
  • Wallet stolen and no funds available
  • Coming to visit, but there’s a last minute ticket price hike and I need your help

On a related note, don’t ever let strangers send money to your bank account for any reason. They’ll probably get you to forward the cash on to someone else, and at that point, you’ve become a money mule.

That’s a criminal offence and will get you into trouble, by the way.

3. “Check out my other profile…”

Be cautious around links sent your way which direct you to another website, and be particularly careful around links to downloadable files. Scammers will often try and remove you from the relative safety of the service you happen to be using, directing you to links and files that the dating site you started with can’t hope to contain. That’s been a staple attack on social media sites for many a year, but it works with dating too.

If someone sends you shortened URLs, you can usually expand them to see where they end up. If you’re still not sure, try googling the link. If nothing still comes up to allow you to make an informed decision, you should just ignore whatever you’ve been sent – it isn’t worth the risk.

4. Remove that personal info

Don’t put your real name / age / location in your profile, email or anything else related to the dating site you’re on. Anonymous usernames are fine. You should also use a disposable email address when you sign up to a new dating service – not only will this keep people you’d rather not stay in touch with away from your main mailbox, it’ll also be obvious if a dating site decides to sell your email to spammers. This is a good trick to use outside of online dating, too.

5. Bots! Bots everywhere!

If you have an open private message system, you’ll likely receive many, many messages from people wanting to chat. Some dating websites will also send multiple daily messages to users via email claiming that persons x, y, and z would like to talk to you. They may even ask about cookie dough (and it better be delicious considering the eventual $118.76 monthly fee). Most dating bots will cycle through a canned script of a dozen or so phrases before claiming you need to be “verified” in some way. This will inevitably lead to a request for payment information. Don’t do it – if in doubt, contact the service you’re using and ask them about it directly. You’ve probably seen examples of this on blogs about Skype spam.

Bots will advertise everything from pornography to mobile games, and spammers commonly use images ripped from the net for their profile avatars. You can try and see if the picture is a stock photo by using the “Search Google for this image” option in your browser, or fire up TinEye to see what’s out there.

Bot accounts probably won’t have a realistic looking bio, or have links to profiles on popular social networks. If it looks cookie-cutter, there’s a good chance it might be. Feel free to see if they pop up across the web anyway and you’ll quickly learn if they’re one of a kind or part of a wave of identikit bots.

6. “Got any pics?”

Be wary of people asking for intimate photographs and / or video, as this is a surefire way to find yourself blackmailed into handing over lots of money. If you do pay the blackmailer, there’s no guarantee the images won’t be leaked anyway. There’s also the issue of revenge porn to consider, and the legal issues that will inevitably arise as a result.

Put simply: don’t do it.

Hopefully the above will help to keep you out of trouble while swiping left (or right? I have no idea), and here’s to a safe online Valentine’s Day experience for everybody.

 

Christopher Boyd

https://blog.malwarebytes.com/feed/