Just in time for Valentine’s Day, new research from Cequence Security found that scammers are increasingly active on dating apps, attempting to manipulate and exploit users for financial gain.
These deceptive individuals pose as genuine romantic interests, building emotional connections before attempting to extract money from unsuspecting individuals.
Developed by the Cequence CQ Prime Threat Research Team, the report analysed anonymised 2023 traffic and attack data across multiple customers in the dating and media vertical across all geographies.
The CQ Prime team identified and categorised active threats, and the resulting threat intelligence is a foundational element of Cequence products that enable mitigation and blocking to protect customers’ business.
According to the National Fraud Intelligence Bureau (NFIB), £92 million was lost to romance fraudsters in the UK for the financial year ending April 2023.
Bots serve as the linchpin for scammers, providing the means to scale their operations. Through the efficiency of automation, these perpetrators intensify their efforts, significantly elevating the likelihood of successful exploits.
In 2023, more than 660 million bot requests on popular dating apps were detected, and more than 12 million unique accounts were protected from account takeovers.
Over a quarter (28%) of fraudulent transactions were spoofing an iPhone app, with 58% of all detected bot activity originating from the US.
“This Valentine’s Day, love is in the air, but so are scammers targeting lonely hearts on dating apps and looking for ways to extort money,” said William Glazier, director of threat Research at Cequence.
“Thanks to the recent advancements in AI, bad actors are now leaning on automation to scale their operations, increasingly exploiting APIs to get the accounts they need to continue their scams. While legitimate end users should always watch for red flags, organisations that develop and manage the social and dating applications where these scams occur must take the appropriate measures to curb this malicious activity.
Recommended reading
“To combat romance fraudsters, dating sites and apps must find the perfect, long-term match to help protect their users from automated attacks,” Glazier continued.
“These organisations must adopt a holistic security strategy that protects their APIs at every lifecycle phase. This means treating API security and bot management as interconnected challenges, not separate issues solved by isolated teams. This combined approach involves identifying and registering all APIs, ensuring rigorous adherence to industry standards, and deploying advanced threat detection and mitigation tools to defend against attacks.”
