Crime

Make a Date With Fraud

Posted by timothy
from the hey-at-least-it's-a-date dept.
Rambo Tribble (1273454) writes "Netcraft is reporting that criminals are mounting massive phishing attacks through online dating sites. The scams are numerous and target multiple sites. Actual methods range from blackmail to 419-style scams. Characteristically, fraudsters hijack an existing account on one of the services, then use that as a portal to deliver a PHP script to compromise the site. 'The latest attacks make use of a phishing kit which contains hundreds of PHP scripts, configured to send stolen credentials to more than 300 distinct email addresses.' The BBC offers additional insights."
  • Netcraft confirms it.

    • by Anonymous Coward

      You can catch a virus from on-line dating.

  • by Nidi62 (1525137) on Friday June 20, 2014 @08:21PM (#47286117)
    I wondered why my date had me show up with a $50,000 money order......
  • by gweihir (88907) on Friday June 20, 2014 @08:29PM (#47286153)

    Nothing surprising here, the date sites are just attacked because the operators are too dumb to make their site secure and there are a lot of people there. Any other type of site with the same characteristics is equally a target, the connection to "dating" is pure coincidence.

    • by Anonymous Coward

      This comes as no surprise as most 'legitimate' dating sites are scams anyway.

    • by Anonymous Coward

      Operators are not dumb, management is cheap and they want everything done 5 hours ago. I know.

      • by gweihir (88907)

        From my experience, it is a combination of dumb operators and dumb management in most places. Finding either competent operators or competent management but not the other is exceedingly rare.

    • by rHBa (976986)
      If you read the Netcraft article you'll see that the summary is wrong. All it is is a phishing kit that's hosted on some other compromised server.

      It's nothing to do with the dating site's security, more to do with the tech savvy of their users.
    • by ortiooo (3710957)
      These sites get attacked partly because users of dating sites usually have dumb passwords... And I always say to this: passwords should make way for 2FA! It seems difficult for a common user, but in fact 2FA is the world's most convenient authentication method.
  • by xxxJonBoyxxx (565205) on Friday June 20, 2014 @08:34PM (#47286203)

    Hmmm...posted to SlashDot...on a Friday night.

    • Hmmm....it was posted Saturday morning in Oz.
    • Right night to post a dating alert... if you don't have a steady girlfriend, how are you going to meet her? The best way is to find the people you deal with too much... you know, like somebody who helps you too much at your favorite store or restaurant.

  • Parasite Entry? (Score:5, Interesting)

    by LifesABeach (234436) on Friday June 20, 2014 @08:41PM (#47286241)
    Looking at the code provided by NetCraft, and RTFA, it looks like a bogus php $_post transaction is sent to a php web service? So if the web service doesn't verify the inputs, then that would be an entry point where a script vectors in? I guess the real question is, "How to prevent a PHP script being executed when it is being read in as an $_post element?" Another question is, "What command sequence causes this?"
    • by rHBa (976986)

      How to prevent a PHP script being executed when it is being read in as an $_post element?

      Simple, don't:

      <?php
      eval($_POST['unvalidated_user_data']);
      ?>

      (in fact don't eval at all, if you need eval you're usually doing something wrong)

      Having RTFA, I interpreted it slightly differently. I think the supplied PHP code is uploaded to another, previously compromised server and it is used to send out phishing emails.

      The unwary user then enters their login details on the compromised server (or if they are using an email client that displays HTML forms(!), within the email) the data is then

      • And of course, XKCD has an excellent cartoon about just this sort of problem:

                      http://xkcd.com/327/ [xkcd.com]

        It looks like little Bobby "Tables" has grown up, discovered herself, and changed her name and gender to Roberta "PHP".:

                 

  • So it's.... (Score:5, Funny)

    by Hsien-Ko (1090623) on Friday June 20, 2014 @09:24PM (#47286427)
    catphishing?
  • At first blush, I figured "Make a Date With Fraud" meant someone had set up an entire dating service designed to introduce people to, well, me. A bit sad to see it wasn't that, honestly.
  • by Anonymous Coward

    Anyone else misread the headline as "Make a Date With Freud"?
    What does this say about the relationship with my mother?

  • Anything good ... (Score:3, Insightful)

    by jklovanc (1603149) on Friday June 20, 2014 @10:34PM (#47286683)

    Anything good can also be used for bad. If we don't do things because it could end up being used for bad then we don't do anything.

  • Scammers are some of the scum of the Earth because they think it is okay to do evil to their fellow man if it benefits them monetarily.

    I used to use dating sites. Laugh it up, you're allowed. I lost a true love to stupidity once. Anyway in the process of using dating sites for 3 years, I would only get about a 1/70 ratio of people I message. One girl came on strong with a pet name and I was a little worried, but hey I'll talk with whoev until it gets weird. Anyway it culminates with her being stuck in
    • Re: (Score:2, Funny)

      by Anonymous Coward

      What if God has someone for you and created online dating sites to hook you up?

    • by Haoie (1277294)

      1/70? Ouch.

      Call it hindsight but maybe you should've been more selective in who to contact. You may have been writing to all the wrong people who have nothing in common with you.

      Good luck for the future.

    • by nukenerd (172703) on Saturday June 21, 2014 @05:44AM (#47287581)

      Anyway in the process of using dating sites for 3 years, I would only get about a 1/70 ratio of people I message.

      Is that 1 in 70 reply, 1 in 70 you meet, or 1 in 70 you get to do whatever? I was in a dating club (pre-internet - it was letter based). Got about 25% replies, met about 5%, further dates with about 2%, went steady (as it was called, not the same as a LTR) with 1%, married 0.2%.

      Someone said you should have been more selective in who to contact. I started that way, looking for certain personalities, but got very few replies; then I just wrote to all that were in a 5 year age bracket and not taller than me (there were no photos in that club). Surprisingly, I got on very well with girls who were quite opposite to me - dimmer and more outgoing, including an ex-Bunny Girl (not as exciting as you might think). FWIW I was mentally stable, not nerdy, quite well off, and not all that bad looking - which is assumed to be what girls look for, but it certainly isn't, not these days anyway.

      one of the reasons for me stopping to use dating sites is that if God has someone for me, he'll hook me up

      I never met any girl outside of dating clubs, and by "met" I mean to have a social conversation > 10 seconds. It remains a mystery to me how people meet each other any other way.

  • If you can't make a date with fraud, you should at least shake hands with danger [rifftrax.com].

    (One of the funnier RiffTrax imho. Worth the purchase price.)
