It's a dating fantasy, but not in a good way. Users of the Tinder dating app say they've encountered a young woman who promises her phone number in exchange for playing the mobile fantasy game "Castle Clash" with her.
But alas, Tinder-ers, your princess is in another castle: It soon becomes clear that the woman is simply a bot designed to spam users with "Castle Clash" download links.
A Reddit user named domogrue appears to be the first person who reported the scam. Now Romania-based security firm Bitdefender is investigating the case.
So far, Bitdefender reports that the bots' professional-quality pictures were stolen from an Arizona photography studio. The same photos have also been used as profile pictures for fake Facebook accounts.
The Tinder bots use several different names, including "Haley," "Cherry" and "Alicia." They seem to always start conversations with a quick greeting, then send a message reading "I'm still recovering from last night :) Relaxing with a game on my phone, castle clash."
That's followed by another message containing the URL "www.tinderverified.com/castleclash," which redirects either to the Google Play Store page for "Castle Clash" or to websites that Bitdefender describes as hosting "fraudulent surveys and dubious competitions."
The URL has clearly been designed to look legitimate, but in fact Tinder seems to be uninvolved. The developer of "Castle Clash," Singapore-based IGG.com, has also denied connection to the Tinder spambots.
Bitdefender reports that the scam appears to be geo-targeted, meaning only U.S. Tinder users are affected. On its blog, Bitdefender recommends that users never click a link sent over an online dating service.
Remember that because Tinder can access your Facebook account, spammers can add a veneer of legitimacy to a scheme by pretending your friends have recommended it.