More and more people are looking for love online.
As a consequence, millions of people have created accounts on online dating websites, which they have filled with personal information and (typically) poorly lit webcam photographs of themselves.
One of the leading dating websites is Match.com, which means that many people might have been tempted to click on the link in this spammed-out email:
Subject: Match.com account verification
Our Valued Customer,
You Have 1 New Security Message Alert !
Click here to resolve the problem
Thank you for helping us to protect you.
Fortunately, the bogus website that potential victims are taken to is hardly the most convincing replica of the real Match.com website:
Of course, if you do mistakenly enter your login credentials onto the phishing website, you may not only be handing over control of your dating account to unknown cybercriminals.
They could see if you’re one of the many people who use the same password on multiple websites, and explore whether your Match.com password might also unlock – say – your email account.
The bad guys could also line you up for a more convincing targeted attack, using your personal information to lure you into believing you are receiving a legitimate communication from Match.com, perhaps tempting you into clicking a link by showing you possible dates. That link could lead to malware, identity theft or further compromise of your online accounts.
The cybercriminals are not just interested in breaking into your bank accounts. Any information which they can mine from you for monetary purposes, or opportunity to infect your computer, is an attractive goal.
If you’re engaged in online dating you’re advised to take steps to protect yourself, and are wise to look before you leap. The same should be true if you want to avoid being phished. Always be wary of unsolicited email messages, and think before you click.
Hat tip: Thanks to reader Kevin for bringing this phishing campaign to our attention.
Mouse cursor on heart image courtesy of Shutterstock.