Online romantics targeted by dating site phishing attack

Cursor on heart. Image courtesy of ShutterstockMore and more people are looking for love online.

As a consequence, millions of people have created accounts on online dating websites, which they have filled with personal information and (typically) poorly lit webcam photographs of themselves.

One of the leading dating websites is Match.com, which means that many people might have been tempted to click on the link in this spammed-out email:

Match.com phishing email

Sign up to our free newsletter.
Security news, advice, and tips.

Subject: Match.com account verification

Message body:
Our Valued Customer,
You Have 1 New Security Message Alert !
Click here to resolve the problem
Thank you for helping us to protect you.

Yours Sincerely,
Match Online

Fortunately, the bogus website that potential victims are taken to is hardly the most convincing replica of the real Match.com website:

Match.com phishing website

Of course, if you do mistakenly enter your login credentials onto the phishing website, you may not only be handing over control of your dating account to unknown cybercriminals.

They could see if you’re one of the many people who use the same password on multiple websites, and explore whether your Match.com password might also unlock – say – your email account.

The bad guys could also line you up for a more convincing targeted attack, using your personal information to lure you into believing you are receiving a legitimate communication from Match.com, perhaps tempting you into clicking a link by showing you possible dates. That link could lead to malware, identity theft or further compromise of your online accounts.

The cybercriminals are not just interested in breaking into your bank accounts. Any information which they can mine from you for monetary purposes, or opportunity to infect your computer, is an attractive goal.

If you’re engaged in online dating you’re advised to take steps to protect yourself, and are wise to look before you leap. The same should be true if you want to avoid being phished. Always be wary of unsolicited email messages, and think before you click.

Hat tip: Thanks to reader Kevin for bringing this phishing campaign to our attention.

Mouse cursor on heart image courtesy of Shutterstock.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.