In the World of Dating Apps, Cybersecurity is Always Sexy

Gran set you up, again. She wants you to be happy, and you’d make such a pretty bride – her words. Every time she says it, you refrain from rolling your eyes and explaining you’re more interested in how a power suit looks on you. The new potential suitor walks her neighbour’s dog, a yippy Bichon Frise. The dog-walker is in-between jobs – he’s been in-between jobs for over a year. The dog-walking thing is more of a favour than a career. He’s living in his parent’s basement. You are not holding out a lot of hope, but it’s easier to grab a drink with him than listen to Gran’s disappointed chiding. Cybersecurity is Always Sexy

You’ve spent the better part of the week texting him. So far, it’s been good. He’s kind of witty and a little flirty. He says he’s holding out for his dream job. Gran says he looks like a young Cary Grant. You googled. Young Cary Grant’s promising. You peel off your comfy weekend lounge clothes. Put on your red “date” sweater. And hail an Uber all while trying to keep an open mind.

You’ve been ghosted.
Gran is no longer in charge of your love life.

You are taking control of this dog and pony show (you smile at your mental pun). You go to the app store and download Tinder. Let the swiping begin.

****

45% of Canadian singles are now using dating apps. Have you been there, swiped right? Maybe you’re one of the 77% of Canadian online daters who find digital dating frustrating. It’s exhausting to have a 24-7 singles club in your purse, or pocket. After a few bad meetups and a ghosting or two, you’re fed up and delete your app (or apps). 26% of users delete their apps at some point. But then, 40% of those that delete convince themselves they’ll meet someone authentic this time and get back in the dating app game within six months. This is the reality of the modern dating scene in Canada. Whether you turn to Tinder, Grindr, Bumble or OkCupid to find your forever, or your one-night stand, you need to protect more than your heart.

Shot through the heart, and hackers to blame, darlin’ you give dating apps a bad name

Kaspersky Lab and B2B International, a research firm, conducted a study that found that one-in-three people are online dating, and the apps that they are using are vulnerable to hackers. The study evaluated nine dating apps including Tinder, Bumble, OkCupid, Zoosk, and Happn and found that most had one, if not multiple, vulnerabilities. Dating makes you vulnerable enough without having to worry about your sensitive data.

The study showed the main threats to your cyber safety:

Some of the dating apps they investigated allowed hackers to track users’ real identities based on data provided to the apps. Information, such as listing specific names of workplace or school helped hackers to narrow in on users.

Not all dating apps use SSL-encrypted channels when transferring data. This means that hackers cannot just see the data but change it as well. So, a simple message of “How are you” can be modified to be a request for money.

The apps can allow for man-in-the-middle attacks (MITM). MITM is when a user’s traffic passes through a rogue server on route to the real server. This can be stopped if app servers verify the authenticity of certificates. Most apps studied did not verify certificate authenticity.

Cybercriminals can get at user’s data by invoking superuser access. This means that hackers can obtain authorization tokens for social media from the apps. Although the credentials are encrypted, the decryption key was extractable from the app is some cases. Six of the nine apps studied store messaging history and user photos with authentication tokens. So, if the hacker gains superuser allowance, they can see confidential information.

If the apps aren’t protecting your sensitive data, then you have to.

Love is a battlefield

Cybersecurity needs to be considered even when pursuing a fun fling online. You don’t want to wake up the next morning with a virus or the realization that someone has stolen your identity. Some precautions need to be taken to ensure you’re being cyber-safe.

Protect your identity. Choose a username that doesn’t give anything away about your real identity. If you have multiple profiles, make an effort to create different usernames. Do not use third-party login devices, like signing in through Facebook, to access your dating app and do not link any social media accounts to your dating app (even if you are trying to increase your Instagram followers).

Have different and challenging passwords for each of your social media accounts. If people are around when you’re logging on, make sure they aren’t able to creep on you entering your username and password.

If you’re in public, don’t use the free Wi-Fi to find your true love, keep it on private and secure networks.

Don’t post anything they can use against you. Risqué photos are a no. But so is listing the specific names of your work or school, your birthday, your mother’s maiden name, contact details. Any information that a threat agent can collect to gain a whole picture of you.

In early conversations, be wary of giving too much away. Keep early online dating on a need-to-know basis.

Don’t open it. Just don’t. An email attachment, a link, whatever they send you. Don’t open it if you hardly know them.

If they ask for money or offer a significant business opportunity, then virtually run away.

If they act suspicious and your intuition is tingling for you not to trust them, don’t.

Always have security solutions installed across all of your devices.

Be wary of apps that put you in a radius of other users using GPS. GPS data and device information together can pinpoint you in the real world and make you a walking target.

Every breath you take, every move you make

Think you are being courted by a catfish? Phishing and social engineering are employed by hackers to dig up personal details to infiltrate, or scam. They use a target’s interests to build a relationship and trust. Online scammers exist in every dating app, fake pics, fake places, bots, criminals trying to get your personal or financial information, and pyramid scheme artists. The world of online dating is a strange and scary place. If you think your dream date is pretending to be someone they’re not, then take your date-vetting to the next level and get your cyber-sleuth on to protect yourself.

Start with their username. Throw the username, or email address if you have it, into Google for a start and see what happens. 64% of people use the same usernames and passwords across websites, so you never know what you’ll unearth.

Try the profile pic. Take the profile photo and put it into a reverse image search engine (TinEye, Google Images). You may find other social media or professional profiles.

Have their email or phone number? Search it on Facebook. It may not be listed on their profile directly, but it may appear on a friend’s wall in a message. Or you can try using Pipl. Pipl is an aggregator that goes deeper than regular search engines.

Disclaimer: We at ISA are not advocating cyber-stalking. Consider this an ABC after-school special “the more you know” moment.

Love in an elevator

Whether it’s in an elevator, a cubicle or the corner office, the reality is that a portion of a company’s workforce is using dating apps at work. These dating apps may open the gateway for cyber attacks when employees use them at the office. So, the IT department can make like Cupid and help employees find love, cyber-safely.

Online dating cyber-risks fall into two categories the people and the systems. Cybercriminals exploit people’s emotional investment when seeking companionship and use spear phishing and social engineering ploys to push malware or to obtain private information. A desire for a romantic relationship is feigned to infiltrate or gather data. Dating apps with chat options, combined with big data analytics make the online dating game more dangerous. Determined cybercriminals can make connections with multiple people employed at one organization. From each of those connections, they can gain a nugget of information which can be collected to form a clearer picture of that company. This is especially true if AI is employed in the romantic phishing campaign. Cybercriminals can use collected data to gain access or compromise a company. Users don’t always know the difference between safe sites and malicious sites that host malware.

The reality is that most employees aren’t going to stop cruising their dating apps at work, even if asked to. Educate employees about spear phishing and social engineering scams and how conversations can be analyzed to gather confidential information. Encourage them to keep their love life off of company devices. Your enterprise most likely has devoted a lot of time and money into defending against malware. If not, this Valentine’s Day, don’t give your employees roses, give your employees the gift of a layered cybersecurity system. Because roses die, but cybersecurity is always sexy.

NEWSLETTER

Get exclusively curated cyber insights and news in your inbox

Related Posts

Contact Us Today

SUBSCRIBE

Get monthly proprietary, curated updates on the latest cyber news.