IT security firm Bitdefender warns users of the popular dating app Tinder that spam bots are being used to lure them to various websites. Users in the US are urged to download the mobile strategy game Castle Clash, while others are directed to surveys and shady giveaway sites.
The spammers have set up a number of fake profiles using the photographs of some attractive young ladies. Bitdefender says the images have been stolen from the site of a photography studio.
When users like one of these fake Tinder profiles, the bots immediately start sending them messages that read something like this: “Hey, how are you doing? I’m still recovering from last night Relaxing with a game on my phone, castle clash. Have you heard about it? http://tinderverified.com/castleclash[removed]. Play with me and you may get my phone number.”
Note that the Castle Clash download is hosted on tinderverified.com. This is an attempt to make everything more legitimate-looking.
Bitdefender has notified both the photography studio and IGG, the developers of Castle Clash. IGG representatives say they’re aware of the spam campaign and they’re investigating.
“We are already aware of this issue and we are currently investigating into it. We are also being victimized in this issue therefore we are grateful for being informed,” the company told HotForSecurity.
However, as TechCrunch points out, IGG could have some involvement. One possibility is that the developer has paid an “unscrupulous” third party to promote its apps and this is the result.
Tinder says it’s taking steps to remove the spammy accounts. In the meantime, users are advised to be cautious if they come across such profiles.