Online dating sites are being targeted in a new large-scale phishing campaign designed to trick members into handing over cash, according to online security firm Netcraft.
Match.com, eHarmony, Lavalife, Zoosk, SeniorPeopleMeet and Christian Mingle have all been hit by the attack, in which cyber criminals look to compromise existing user accounts to commit online dating fraud.
Typically this involves the hacker hiding behind a fake profile in order to strike up relationships with other members. After having gained their trust over a period of time the hacker will try to exploit their relationship by asking for money for medical treatment or an important trip.
Hackers can also try to blackmail their victims if the latter has sent them any explicit photos previously.
The current phishing attack used a single compromised site to host over 860 fraudulent PHP scripts, most of them designed to steal usernames and passwords from online dating sites, revealed Netcraft security analyst Paul Mutton in a blog post.
“Each compromised server which hosts these scripts acts merely as a ‘dropsite’ in the fraudsters' phishing campaigns,” he added.
“Rather than displaying any phishing content, the server simply accepts values that have been submitted from elsewhere, such as a form hosted on another website or within a phishing email. The victim is then immediately redirected to the legitimate website, most likely without realising that his credentials have just been transmitted to a different website.”
While the cyber criminals in this campaign are mainly attacking online dating sites, Netcraft also observed them targeting webmail platforms like Yahoo and Gmail in order to steal user credentials.
“Email accounts are often shut down after the provider notices they have been used for fraudulent purposes, so ensuring a fresh supply of compromised accounts gives fraudsters the opportunity to send even more phishing emails before the accounts get closed,” explained Mutton.
Online dating sites represent something of a departure from the more common phishing targets such as banks and social networking sites.
Just eight of the 862 fraudulent scripts discovered by Netcraft targeted banks.
Kaspersky Lab said in April that 31% of phishing attacks in 2013 were aimed at banks, while 35% hit social networks and 23% email providers.
Proofpoint EMEA director, Mark Sparshott, warned that other cybercrime gangs may try to exploit the publicity around the online dating site attacks by sending fake emails to users claiming to come from one of the affected sites.
“The fake emails highlight the security breach, ask theuser to click a link and reset their password and of course attack their device all over again compounding the problem,” he said.
Users should not click links in any emails but instead type the name of the site directly in their browser, if they want to change passwords, Sparshott recommended.