Sample online dating email messages
Location is very potent, especially when you consider the use of Android emulators that let you set your GPS to any place on the planet.
Location can be placed right on the target company’s address, setting the radius for matching profiles as small as possible.
This isn’t to say, though, that this couldn’t happen or isn’t happening—we know that it’s technically (and definitely) possible.
But what’s surprising is the amount of company information that can be gathered from an online dating network profile.
That let us establish a baseline for several locations and see if there were any active attacks in those areas.
The honeyprofiles were created with specific areas of potential interest: medical admins near hospitals, military personnel near bases, etc.
Some required a Facebook profile to connect to, while others just needed an email address to set up an account.
Businesses that already have operational security policies restricting the information employees can divulge on social media—Facebook, LinkedIn, and Twitter, to name a few—should also consider expanding these policies to online dating sites or apps.
We also employed a few house rules for our research—play hard to get, but be open-minded. The goal was to familiarize ourselves with the quirks of each online dating network.
We also set up profiles that, while looking as genuine as possible, would not overly appeal to normal users but entice attackers based on the profile’s profession.
It can be as vanilla as a classic phishing page for the dating app itself or the network the attacker is sending them to.
And when combined with password reuse, an attacker can gain an initial foothold into a person’s life.