Scamming unsuspecting lovers via dating sites is not uncommon, but people can usually spot a fake profile from a mile away. Compromising legitimate profiles is a much smarter, albeit more insidious, way to go. A new wave of phishing attacks across some of the largest dating sites on the Web make it very simple to compromise your login credentials and let your profile fall into the hands of scammers.
Lovelorn individuals on match.com, Christian Mingle, PlentyOfFish, eHarmony, Chemistry.com, SeniorPeopleMeet, Zoosk, Lavalife and other sites should take care, as malicious hackers have set their sights on phishing dating sites in particular. Researchers at the Netcraft Internet security blog discovered 862 phishing scripts making the rounds at popular sites, and only eight of them targeted banks.
MORE: 10 Best Dating Apps
The scripts themselves run fairly standard phishing scams. After acquiring email addresses from members of dating sites, the script sends a message telling members that they need to log into their accounts for any number of fraudulent reasons (usually "account confirmation" or something that sounds equally innocuous).
The email displays a URL to, say, eHarmony, while actually linking to a disreputable site that copies the eHarmony aesthetic and login system. When users enter their login information, it goes into the hands of malefactors. The phishers can then log into users' dating profiles, change the password and lock legitimate users out.
Phishing for dating sites rather than banks may seem counterintuitive; after all, dating sites hold relatively little in the way of compromising personal or financial information. A user on a dating site may list his or her credit card information, but compared to a bank account with tons of money, a home address and a social security number, the risk/reward balance at a dating site seems unfavorable.
However, dating sites provide phishers with a unique opportunity to prey on the emotionally vulnerable. By impersonating a potential partner, building up a relationship online and then claiming to be in financial distress, a cunning phisher could scam a well-meaning but gullible user out of thousands of dollars. This is less efficient than hacking bank accounts, but much harder to trace and potentially much easier to pull off.
Since real people are behind these schemes, they're not as easy to spot as scam profiles. If you have an account on a dating site, be aware of suspicious emails that come your way, and never click on a link if you're unsure of the sender; enter the URL manually instead. Also be wary if someone on a dating site asks for money before you've met. In this case, he or she really does only love you for your money.