Tinder Spammers Move To SMS After Improvements To Dating App’s Security

Dating app Tinder for a long time had been flooded with spam bots – fake accounts that flirt with users in order to redirect them to adult sites, and yes, take their money. This summer, security firm Symantec detailed the spam bot problem, and later, Tinder addressed the issue with a technical update. That update, it appears, was effective at cutting down the in-app spam. However, it didn’t necessarily address the spamming activities themselves. According to a new report, Tinder bot spammers just moved to a new channel: SMS.

When Symantec’s report was released, Tinder users could block profiles, but couldn’t report spam. Now, that has changed. Plus, in July, the company rolled out what it described as a “major technical solution to our current spam issue, which should result in measurably less spam and bots than prior,” the company at the time told Mashable.

However, a report out this week from Pindrop Security indicates that Tinder’s attempts at curtailing the spam activity on its service hasn’t actually slowed down the higher-level spam campaign, the firm says. The company, which monitors online phone spam complaints in order to identify and analyze new and popular scams, found in early August an emerging scam involving Tinder.

Immediately after the Tinder technical update, phone spam complaints skyrocketed.

Before August, the company’s Topic Modeler software hadn’t identified any Tinder-related complaints. By September, Tinder complaints made up 0.31 percent of total phone scams being tracked, and made the Tinder scam the 14th most popular scam that month.

Tinder-Scam-4

Screen Shot 2014-10-10 at 11.10.06 AM

According to security researchers, Tinder’s update was effective in shutting down spammers’ ability to send spam links through the app, but didn’t seem to address the issue with the bots’ existence themselves. Apparently, Tinder spam bots simply changed their scripts in order to get users’ phone numbers instead. They then proceeded to text them the spam links via SMS.

Of course, just because Tinder made a technical change then Tinder-related SMS spam increased, that doesn’t mean that the change caused the spam’s increase.

Asked if the uptick could possibly be just a coincidence (a correlation), the lead researcher, Raj Bandyopadhyay, replied that they believe it’s not.

nadine-200x300“Our topic modeler looks for phone number related complaints, and then classifies them using Data Scientist to validate correlation. In this case, we isolated complaints related to Tinder, and then compared them to historical complaints,” he says.

“This gives us a high degree of confidence that the spike is specific to Tinder activity and not just an overall spike in spam. In addition, it is important to re-emphasize that this is a pattern we have frequently seen – fraudsters migrating to phone after being thwarted online.”

On that latter note, he means that it’s common for spammers to move their activities to the SMS channel as online services are hardened against their tactics, and that’s what we’re seeing here with Tinder.

We asked Tinder if it would share any metrics related to the decreases it’s seeing in spam bot activity, or if it could offer details as to what percentage of its user base was spam bots before and after the update. We’ll update if the company responds.