Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Make a Date With Fraud

timothy posted about 4 months ago | from the hey-at-least-it's-a-date dept.

Crime 61

Rambo Tribble (1273454) writes "Netcraft is reporting that criminals are mounting massive phishing attacks through online dating sites. The scams are numerous and target multiple sites. Actual methods range from blackmail to 419-style scams. Characteristically, fraudsters hijack an existing account on one of the services, then use that as a portal to deliver a PHP script to compromise the site. 'The latest attacks make use of a phishing kit which contains hundreds of PHP scripts, configured to send stolen credentials to more than 300 distinct email addresses.' The BBC offers additional insights ."

Sorry! There are no comments related to the filter you selected.

Online dating losing market share (0)

xenoc_1 (140817) | about 4 months ago | (#47286113)

Netcraft confirms it.

Re:Online dating losing market share (1)

Anonymous Coward | about 4 months ago | (#47286137)

You can catch a virus from on-line dating.

Re:Online dating losing market share (0)

Raseri (812266) | about 4 months ago | (#47286297)

In before "Netcraft confirms --"

Well, fuck.

That explains it (5, Funny)

Nidi62 (1525137) | about 4 months ago | (#47286117)

I wondered why my date had me show up with a $50,000 money order......

Re:That explains it (0)

Anonymous Coward | about 4 months ago | (#47286181)

She probably only showed you pictures of her face, too. Pictures that were 5 years old.

Re:That explains it (1)

TapeCutter (624760) | about 4 months ago | (#47286387)

The money didn't upset me, it was the fraudulent photos they use as bait.

Re:That explains it (0)

Anonymous Coward | about 4 months ago | (#47287203)

Did you check her Open Sores profile first?

[url]https://www.youtube.com/watch?v=8ZNfJqFuIw8[/url]

Re:That explains it (0)

Anonymous Coward | about 4 months ago | (#47287963)

She saw your selfie. I'd have demanded $50,000 for a date, too.

selfies or it didn't happen (-1)

Anonymous Coward | about 4 months ago | (#47286141)

Dating sites, where you go when you want to be judged by your selfies. Looking to meet someone with similar interests? Look elsewhere, loser.

Re:selfies or it didn't happen (1)

Anonymous Coward | about 4 months ago | (#47286617)

Sure, please show us where to go to start finding dates. You go to a bar, you get barflies (pick your STD.)

Re:selfies or it didn't happen (2)

nukenerd (172703) | about 4 months ago | (#47287547)

Dating sites, where you go when you want to be judged by your selfies. Looking to meet someone with similar interests? Look elsewhere, loser.

Here we go : cue posts saying "My mother told me never to trust anyone I meet on a dating website".

Here's some more helpful advice :-

Never trust anyone you meet in a bar
Never trust anyone you meet in a theatre
Never trust anyone you meet at a party
Never trust anyone you meet in the street
Never trust anyone you meet on holiday
Never trust anyone you meet if arraged by a friend
Never trust anyone unless you already knew them before you were born

Perhaps you would like to advise us where this "elsewhere" is exactly, I never found it. Do you know, when you actually meet someone (whether through internet dating or "elsewhere") you get to see what they actually look like anyway? If they look like Jo Brand (and that's not your thing), or they ask for money (and that's not your thing either) you walk away.

Re: selfies or it didn't happen (1)

speedc0re (744562) | about 4 months ago | (#47287597)

I would trust any random woman I met online more than I trust my ex wife.

Re:selfies or it didn't happen (1)

Average (648) | about 4 months ago | (#47290277)

"Never trust" is an exaggeration. It's not a binary.

"Never trust anyone you meet at a party" is a very weak, nearly joking, version of 'never trust' Date them, but don't immediately trust them.

"Never trust some klatch of Ghanaian scammers who you've never actually met in person so much that you send them your entire life's savings and in fact go wildly into debt sending them more money" (as is the advice my uncle got repeatedly and ignored repeatedly) is a much stronger version of 'never trust'.

- can't fix stupid
-- but stupid eventually runs out of money (and credit)

Re: selfies or it didn't happen (1)

Optali (809880) | about 4 months ago | (#47296401)

Another useful tip: Never get high on your own supply

In other words: Date-site security sucks... (4, Insightful)

gweihir (88907) | about 4 months ago | (#47286153)

Nothing surprising here, the date sites are just attacked because the operators are to dumb do make their site secure and there are a lot of people there. Any other type of site with the same characteristics is equally a target, the connection to "dating" is pure coincidence.

Re:In other words: Date-site security sucks... (1)

Anonymous Coward | about 4 months ago | (#47286567)

This comes as no surprise as most 'legitimate' dating sites are scams anyway.

Re:In other words: Date-site security sucks... (1)

Anonymous Coward | about 4 months ago | (#47286895)

Operators are not dumb, management is cheap and they want everything done 5 hours ago. I know.

Re:In other words: Date-site security sucks... (1)

gweihir (88907) | about 4 months ago | (#47288339)

From my experience, it is a combination of dumb operators and dumb management in most places. Finding either competent operators or competent management but not the other is exceedingly rare.

Re:In other words: Date-site security sucks... (2)

rHBa (976986) | about 4 months ago | (#47287797)

If you read the Netcraft article you'll see that the summary is wrong. All it is is a phishing kit that's hosted on some other compromised server.

It's nothing to do with the dating site's security, more to do with the tech savy of their users.

Re:In other words: Date-site security sucks... (1)

ortiooo (3710957) | about 4 months ago | (#47298251)

These sites get attacked partly because users of dating sites usually have dumb passwords... And I always say to this: passwords should make way for 2FA! It seems difficult for a common user, but in fact 2FA world’s most convenient authentication method

Target audience. (4, Funny)

xxxJonBoyxxx (565205) | about 4 months ago | (#47286203)

Hmmm...posted to SlashDot...on a Friday night.

Re:Target audience. (0)

Anonymous Coward | about 4 months ago | (#47286225)

Same thing we do every Friday Night, JonBoy, try to Find A Date!

Re:Target audience. (-1)

Anonymous Coward | about 4 months ago | (#47286229)

Fuck you. Just fuck off already.

Re:Target audience. (0, Funny)

Anonymous Coward | about 4 months ago | (#47286353)

Off Already, such an unconventional name! Would date.

Re:Target audience. (0)

TapeCutter (624760) | about 4 months ago | (#47286361)

Hmmm....it was posted Saturday morning in Oz.

Re:Target audience. (0)

Anonymous Coward | about 4 months ago | (#47286375)

No it was definitely posted on Friday night to Slashdot, you're reading it on Saturday morning in Oz.

Re:Target audience. (-1)

Anonymous Coward | about 4 months ago | (#47286573)

Yeah, all the neckbeard Linux tards are all running off to fagdates.com and getting ripped off. Oh well, fuck em.

Re:Target audience. (1)

The New Guy 2.0 (3497907) | about 4 months ago | (#47286823)

Right night to post a dating alert... if you don't have a steady girlfriend, how are you going to meet her? The best way is to find the people you deal with too much... you know, like somebody who helps you too much at your favorite store or restaurant.

Re:Target audience. (0)

Anonymous Coward | about 4 months ago | (#47286835)

Nobody ever talks to me, insensitive clod!

Parasite Entry? (4, Interesting)

LifesABeach (234436) | about 4 months ago | (#47286241)

Looking at the code provided by NetCraft, and RTFA, it looks like a bogus php $_post transaction is sent to a php web service? So if the web service doesn't verify the inputs, then that would be an entry point where a script vectors in? I guess the real question is, "How to prevent a PHP script being executed when it is being read in as an $_post element? Another question is, "What command sequence causes this?"

Re:Parasite Entry? (1)

rHBa (976986) | about 4 months ago | (#47287751)

How to prevent a PHP script being executed when it is being read in as an $_post element?

Simple, don't:

<?php
eval($_POST['unvalidated_user_data']);
?>

(in fact don't eval at all, if you need eval you're usually doing something wrong)

Having RTFA, I interpreted it slightly differently. I think the supplied PHP code is uploaded to another, previously compromised server and it is used to send out phishing emails.

The unwary user then enters their login details on the compromised server (or if they are using an email client that displays HTML forms(!), within the email) the data is then sent to the compromised server which forwards it on to the script kiddie. The user is then redirected to the real login page along with their POST data so when they arrive there they are automatically logged in, none the wiser...

Re:Parasite Entry? (2)

Antique Geekmeister (740220) | about 4 months ago | (#47287973)

And of course, XKCD has an excellent cartoon about just this sort of problem:

              http://xkcd.com/327/ [xkcd.com]

It looks like little Bobby "Tables" has grown up, discovered herself, and changed her name and gender to Roberta "PHP".:

         

So it's.... (4, Funny)

Hsien-Ko (1090623) | about 4 months ago | (#47286427)

catphishing?

Misleading title (2)

charlesbakerharris (623282) | about 4 months ago | (#47286447)

At first blush, I figured "Make a Date With Fraud" meant someone had set up an entire dating service designed to introduce people to, well, me. A bit sad to see it wasn't that, honestly.

Re:Misleading title (1)

MightyMartian (840721) | about 4 months ago | (#47286645)

That would have been a much better article.

Re:Misleading title (-1)

Anonymous Coward | about 4 months ago | (#47286965)

Do your parents regret raising a retarded faggot?

Re:Misleading title (1)

charlesbakerharris (623282) | about 3 months ago | (#47312581)

Great comeback, kid. Good try. Good effort.

Is It Just Me? (1)

Anonymous Coward | about 4 months ago | (#47286477)

Anyone else misread the headline as "Make a Date With Freud"?
What does this say about the relationship with my mother?

No mention of Windows (0)

Anonymous Coward | about 4 months ago | (#47286515)

Can any of these exploits run without the presence of Microsoft Windows?

Re:No mention of Windows (1)

rHBa (976986) | about 4 months ago | (#47287763)

Seeing as it's just a phishing kit that runs on any PHP enabled server, no, only Windows users are a prerequisite, not the OS itself. (Also an email client that displays functional HTML forms helps).

Anything good ... (2, Insightful)

jklovanc (1603149) | about 4 months ago | (#47286683)

Anything good can also be used for bad. If we don't do things because it could end up being use for bad then we don't do anything.

Anything good ... (0)

Anonymous Coward | about 4 months ago | (#47287049)

This. I've just transferred $25k to this Nigerian princess I met on a dating site and as soon as the bank clears it I'll be rich.

Scammers always looking for a target (0)

GoodNewsJimDotCom (2244874) | about 4 months ago | (#47286729)

Scammers are some of the scum of the Earth because they think it is okay to do evil to their fellow man if it benefits them monetarily.

I used to use dating sites. Laugh it up, you're allowed. I lost a true love to stupidity once. Anyway in the process of using dating sites for 3 years, I would only get about a 1/70 ratio of people I message. One girl came on strong with a pet nam and I was a little worried, but hey I'll talk with whoev until it gets weird. Anyway it culminates with her being stuck in the UK and no way to get a plane ticket to the states unless I sent her money. I called her out that this sounds like a scam, and that was the last I ever heard from her.

Anyway, one of the reasons for me stopping to use dating sites is that if God has someone for me, he'll hook me up, otherwise, I can work my butt off and have more to help the poor. There's more to life than just getting married and raising kids, though that is a cool part of it.

Re:Scammers always looking for a target (2, Funny)

Anonymous Coward | about 4 months ago | (#47286799)

What if God has someone for you and created online dating sites to hook you up?

Re:Scammers always looking for a target (1)

GoodNewsJimDotCom (2244874) | about 4 months ago | (#47286827)

That's a possibility, but I'm just done with them for now at least.

Re:Scammers always looking for a target (1)

Swave An deBwoner (907414) | about 4 months ago | (#47287033)

He is not going to like that.

Re:Scammers always looking for a target (1)

GoodNewsJimDotCom (2244874) | about 4 months ago | (#47287075)

Well He's God, He saw it coming. He isn't surprised.

Re:Scammers always looking for a target (0)

Anonymous Coward | about 4 months ago | (#47287221)

How did a troll like you manage to get the privilege of +2 posting?

roman_mir would probably pay you for some lessons.

Re:Scammers always looking for a target (1)

Haoie (1277294) | about 4 months ago | (#47287291)

1/70? Ouch.

Call it hindsight but maybe you should've been more selective in who to contact. You may have been writing to all the wrong people who have nothing in common with you.

Good luck for the future.

Re:Scammers always looking for a target (3, Interesting)

nukenerd (172703) | about 4 months ago | (#47287581)

Anyway in the process of using dating sites for 3 years, I would only get about a 1/70 ratio of people I message.

Is that 1 in 70 reply, 1 in 70 you meet, or 1 in 70 you get to do whatever? I was in a dating club (pre-internet - it was letter based). Got about 25% replies, met about 5%, further dates with about 2%, went steady (as it was called, not the same as a LTR) with 1%, married 0.2%.

Someone said you should have been more selective in who to contact. I started that way, looking for certain personalities, but got very few replies; then I just wrote to all that were in a 5 year age bracket and not taller than me (there were no photos in that club). Suprisingly, I got on very well with girls who were quite opposite to me - dimmer and more outgoing, including an ex- Bunny Girl (not as exciting as you might think). FWIW I was mentally stable, not nerdy, quite well off, and not all that bad looking - which is assumed to be what girls look for, but it cetainly isn't, not these days anyway.

one of the reasons for me stopping to use dating sites is that if God has someone for me, he'll hook me up

I never met any girl outside of dating clubs, and by "met" I mean to have a social conversation > 10 seconds. It remains a mystery to me how people meet each other any other way.

Re:Scammers always looking for a target (0)

Anonymous Coward | about 4 months ago | (#47289205)

> Got about 25% replies

Bullshit. As someone that has done online dating since 1989 on IRC and has worked for three of the larger online dating sites, that is complete and utter bullshit. I have my messages honed to a fine edge from decades of refinements, and I've learned from looking at thousands of messages sent from the most successful men on these sites. I only have about a 0.75% response rate. The last guy's account I looked at that had the highest response rate because he looked like Eric Bana and is CEO of a Fortune 1,000 company, had less than one fifth of your claimed response rate. You're absolutely full of shit. You're not going to find 25% of a random sampling of women that are interested in men and go to the trouble to reply, much less 25% that will reply to the same person. As OkCupid proved (http://blog.okcupid.com/index.php/your-looks-and-online-dating/), only 20% of women find men on onine dating sites attractive. The odds that one of those 20% logged back into read your message, liked it, and spent the time to reply are not 125% like you claim. That's impossible.

> met about 5%

Again, bullshit. There are some days I've sent more than a hundred messages. Again, I've done this for twenty-five years. As a wild guess, I've contacted 60,000 women over the years, and I've only met one in person. That's a 0.00167% success rate. Your claim is that you are almost 3,000 times more effective? Complete and utter bullshit. I might believe five times more because I've lived in Seattle for twenty years, and the women here are simply not interested in men. I don't have a single straight friend or coworker here that I know that has been on a date.

> further dates with about 2%

So you claim a second date 40% of the time after the first. That seems unlikely. Several surveys I've seen put that number at 5% so you're claiming to be eight times more effective than the average guy.

> went steady with 1%

So your claim is that half of the time you can get a second date that you have a long term relationship? Again, unlikely.

It sounds as if you are shilling for dating sites. We are an order of magnitude worse than what you describe for even the best looking guys.

Re:Scammers always looking for a target (0)

Anonymous Coward | about 4 months ago | (#47289561)

I've contacted 60,000 women...

Impressive. I keep up with my contacts in a spreadsheet, and I only have 10k contacts and have worked very hard for many years. I kept track of every contact because I wanted to run correlation coefficients to find what worked. Since I haven't met a single girl yet from a dating site, I don't have any way of figuring-out what works! All of my hard work tracking has been useless. It's depressing.

And, to the GP: you're a full of shit wanker for trying to make us normal guys feel bad. The 25% reply rate is fucking ridiculous. If you had gone with 2.5% you would have been more believable and be more effective at your goal of making us feel bad.

Re:Scammers always looking for a target (1)

nukenerd (172703) | about 4 months ago | (#47289601)

Wow, don't know where to start here - someone who has worked for dating sites too.

> Got about 25% replies

Bullshit.

I believe you are thinking of dating websites. I was clear I was talking about my experience on letter-based dating clubs, FWIW. Maybe some difference there.

You're not going to find 25% of a random sampling of women that are interested in men and go to the trouble to reply... As OkCupid proved only 20% of women find men on onine dating sites attractive. The odds .... are not 125% like you claim. That's impossible.

It was not a random sample of women. They were women who by joining the scheme had expressed a wish to meet a guy, and I mostly wrote to ones sounding suitable in terms of age, attitude, culture etc. I would not have written to one eg who said they only wanted a vegetarian guy, or a guy over 6ft tall, which I am not. And presumably, women who don't find men on on-line dating sites attractive don't join on-line dating sites, so they do not enter the equation or your percentages at all.

I've contacted 60,000 women over the years, and I've only met one in person. That's a 0.00167% success rate.

..and I thought my luck was bad! I know several couples in my circle who met by online dating and my circle is not a large one. They certainly did not contact 60,000 . I am in the UK, if that makes a difference.

.. you claim a second date 40% of the time ... unlikely. Several surveys I've seen put that number at 5% so you're claiming to be eight times more effective than the average guy.

Don't forget that by the second date we had already been through quite a filtration process - typically an exchange of 3 or 4 letters and photos on top of the basic factual details in our listings. Don't think the average guy does that.

> went steady with 1%

So your claim is that half of the time you can get a second date that you have a long term relationship?

No, I did not claim that. A LTR means living like in marriage, usually co-habiting and with routine sex. I only claimed I "went steady". Does the term no longer exist? It means a friendship such that neither of us were looking for a relationship elsewhere at the time, were seeing each other only once or twice a week, and were not necessarily having sex together yet.

Strange attitude that only about 20% of women find men on onine dating sites attractive. I have come across many things thay make people unattractive - bad breath, bad complexion, bad teeth, bad attitude, poor figure, limp personality .... but being a member of a dating club ??? WTF has that got to do with attractiveness? Is there an assumption that you must be unattractive to be in a dating club? Not what I found, the girls I met had joined out of circumstances - like me, for one reason or another, they never met anyone of the opposite sex of similar age and unattached. Some I met were extremely attractive, although I met some ugly ones too; typical cross-section really.

Re:Scammers always looking for a target (1)

greenwow (3635575) | about 4 months ago | (#47290135)

That's a 0.00167% success rate.

Better than anyone else I know. Of course the guys I know aren’t sending nearly as many messages as you, but not a one has ever had a date from one of those sites. That’s 0%! Personally, I think I’ve sent about 2k messages on match.com, gotten two first replies, and then zero second replies. I think my chances of ever getting an actual date are zero, but I keep trying.

You seem like a nice guy, but you know you work for a scam. You know damn well women aren’t responding to men and certainly aren’t meeting men. That makes them a 100% scam. You should be ashamed of yourself for working for one.

Re:Scammers always looking for a target (0)

Anonymous Coward | about 4 months ago | (#47294465)

I never met any girl outside of dating clubs, and by "met" I mean to have a social conversation > 10 seconds. It remains a mystery to me how people meet each other any other way.

Learn to dance. You get 2-3 minutes to talk with her, so long as the music isn't too loud.

DJs with dance experience play music at reasonable levels. Live bands rarely do, since the average musician can't figure out how to operate a sound level meter and is too deaf to know what a reasonable sound level is. So avoid the bands unless you like poor odds.

Re:Scammers always looking for a target (0)

Anonymous Coward | about 4 months ago | (#47289009)

if God has someone for me, he'll hook me up

God gave you legs so you can move your own ass around. If you're waiting for God to hand-deliver something you're going to die without it.

Not the only danger. (0)

Anonymous Coward | about 4 months ago | (#47286931)

It is unclear whether a successful date may end up eventually costing you more than a phish. E.g., phishing has never caused alimony or STDs.

heh - this reminds me of my brief time on myspace (0)

Anonymous Coward | about 4 months ago | (#47287107)

shortly after I started an account, I got a friend request or whatever they called it from an unbelievably good looking young woman. On a scale of 1-10, she was a 12.

I replied to her asking if she was for real.....she never responded.

    I'm still a bit curious about what the scam would have been though. Would she have met with me and just asked me to loan her money that she would never pay back? Could it have been something else? I dunno.

I also got a letter from a Nigerian prince. He seems very sincere.

So the sites aren't fraud themselves? (0)

Anonymous Coward | about 4 months ago | (#47288741)

I've always read that the sites themselves are fraud, having employees contact people just before their paid subscriptions end to make them think someone is interested and extend their subscriptions.

Mail-Order Brides (0)

Anonymous Coward | about 4 months ago | (#47288749)

It seemed that every time I used a dating site, the only women that would message me were foreigners looking for a U.S. citizen to ship them over here and marry them.

Plan B (1)

DoofusOfDeath (636671) | about 4 months ago | (#47290025)

If you can't make a date with fraud, you should at least shake hands with danger [rifftrax.com] .

(One of the funnier RiffTrax imho. Worth the purchase price.)

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?