Users of dating websites are becoming victims of phishing attacks sent via e-mails. These e-mails seek to steal individual login details for such websites, according to an investigation conducted by net monitoring company Netcraft.
Users of dating websites such as Match.com, eHarmony, Zoosk and Christian Mingle have been receiving fraudulent e-mails sent from other websites that have already been hacked in a bid to hide the identity of the sender. Such sensitive data may be used to befriend other users and to fool them into sending money, the BBC reports.
Using dating websites for phishing campaigns is a new tactic for cybercriminals, as they usually target banks, says Netcraft analyst Paul Mutton. These attacks are becoming increasingly popular, as in the span of a single week more than 100 fraudulent websites targeting Match.com alone were identified, Mutton added.
So far, it remains unclear how innocent websites have become host fraudulent scripts, but one thing is certain – servers, websites, small companies, telecom suppliers and even construction firms have all become hosts to this phishing tool.
On one compromised website, around 800 short scripts or programmes were found targeting various dating websites and each one of the scripts appeared to have been generated by a kit purchased online.
Such e-mails aim to trick users into entering their login details for the dating websites. After that, the login details are passed on to the genuine login page, but are also shared to one of the 300 e-mail addresses fraudsters use for the campaign.
Cybercriminals are likely to steal login details for accounts in order to avoid paying the charges dating sites impose before users are able to exchange messages with other users.