Dating apps and websites have become a hotbed for fraud and abuse, as attackers exploit these digital channels to dupe unsuspecting users of their money with fake investment proposals. The Arkose Labs detected four million attacks on dating platforms in 2020
At a time when in-person meetings are severely restricted due to the coronavirus pandemic, dating apps and websites are making it possible for people to search for partners. Online dating apps are particularly popular because of their ease of use. Consumers can just download them, snap a few pictures, input some personal information and start matching. Often, they do not require more than an email address to create a profile.
Online dating fraud and abuse is largely human-driven
According to our Q1 2021 Fraud and Abuse Report, online dating was among the most attacked industries in 2020 and was under a relentless siege of fraud. Most of the attacks on online dating platforms were focused on account takeovers that would facilitate phishing and scamming downstream. Fraudsters relied on human-driven attacks because interacting with users and responding to their messages requires nuanced human behavior which bots are not often capable of. As a result, 78% of online dating fraud and abuse were human-driven.
Fraudsters target users of dating apps with investment scams
Recently, the Interpol (International Criminal Police Organization) has warned users of investment scams on the dating apps, where fraudsters are swindling money from genuine users on the pretext of investment proposals, which, of course, are fake. The agency has also issued a purple notice to all of its 194 members detailing out the modus operandi of this online dating fraud and abuse.
In these investment scams, fraudsters connect with potential victims on the online dating apps and spend some time building trust. Once the trust is established, fraudsters lure the victims to join them in a financial venture that promises lucrative returns.
As part of the game plan, fraudsters share investment tips and convince their victims to download fake trading apps and sign up for financial products that would help them grow their money. The scam is carefully planned— complete with fake screenshots of fraudulent websites, phishing emails, and even fake customer service agents explaining various fictitious financial products—such that the entire process looks legitimate. However, as soon as the victims ‘invest’ money, they are locked out of their ‘investment’ accounts with no traces of the fraudsters or the customer service agents. Since the victims authorize these payments themselves, there is little chance of retrieving the money.
Through online dating fraud and abuse, fraudsters are not only robbing their victims of hard-earned money but also exploiting people’s loneliness. For instance, in a reported incident in the UK, a user recorded an intimate video session on an online dating channel and blackmailed the victim into paying money, threatening to share the recording with the victim’s family and friends. All these activities can severely impact the trustworthiness of online dating platforms. Therefore, online dating platforms need adequate checks to prevent attackers from vitiating the online dating ecosystem.
Shut the entry gates on the attackers
In a complicated threat landscape where attackers leverage the latest technologies and use a combination of bots and humans for online dating fraud and abuse, digital dating platforms cannot rely on traditional fraud mitigation techniques that can leave them plugging in the gaps after the attackers. This not only fails fraud prevention efforts but also degrades user experience.
Further, online dating platforms cannot use the same yardstick to assess every user. They need a mechanism that uses targeted friction to accurately identify and stop attackers. This is important to allow good users to continue with their digital journeys without affecting their user experience while detecting and stopping malicious users early in their tracks. This must begin at the point of entry—the new account creation and login stages.
Assess the risk and use targeted friction to stop attackers
The Arkose Labs platform enables online dating platforms to monitor new account creation and logins to help identify bad actors and shut the entry gates. Depending on the risk assessment of the users, they are presented with a 3D enforcement challenge. While authentic users face no problem solving these challenges, bots and scripts fail instantly.
For persistent, malicious users, the platform uses targeted friction to ensure they cannot solve the enforcement challenges en masse. These 3D puzzles are rendered in real-time and keep increasing in complexity to sap the attackers’ time and resources to such an extent that the business model of fraud is bankrupted and attackers are forced to move on. Arkose Labs also shares the data signals to help online dating platforms identify and ban returning attackers, ensuring long-term protection.
To learn how this multi-tiered approach enables dating apps and websites to protect their users from online dating fraud and abuse, book a demo now.
*** This is a Security Bloggers Network syndicated blog from Arkose Labs authored by Sam Nik-Pay. Read the original post at: https://www.arkoselabs.com/blog/broken-hearts-stolen-wallets-the-steady-stream-of-fraud-on-digital-dating-platforms/