They’ve migrated from lewd photos and explicit language to more plausible, girl-next-door-style pictures.
And they’ve programmed their bots to try to mimic a normal conversation, hoping to trick users into providing their phone numbers before they realize they’ve been had, security researchers say.
“They’re just average pictures of your average girl that you would encounter on Tinder,” said Narang, “so it’s harder to differentiate, ‘Oh yeah, that’s clearly a bot,’ while you’re swiping through.” The newer bots respond more slowly to messages than older automated accounts, which would often contact new matches and conspicuously send flirtatious messages faster than any human could type, Narang explained.
“It won’t happen for about 50 minutes, 45 minutes, then [you’ll] get the message.” And rather than sending explicit messages and advertising links through Tinder itself, the new generation of bots will open with a quick compliment or attempt at flirtatious banter, then send a phone number or Kik username and ask would-be suitors to send them a text, according to Narang.“If you message them through SMS, that’s when they’ll actually go through their scripted conversation, talking about how they want to go on an adult webcam site,” he said.Pindrop Security, which monitors online reports of phone fraud, said in an October blog post that it had seen increased numbers of Tinder-related text spam complaints, which it suggested might be the result of better spam detection by Tinder itself.Spammers took to Tinder soon after the matchmaking app went mainstream in 2013, setting up automated accounts to message lonely bachelors with ads for porn and webcam strip shows, according to reports from security firm Symantec.Initially, their approaches were fairly transparent, using profile photos of scantily clad women and simplistic automated chat bots that immediately mixed dirty talk with links to sleazy subscription sites.
“It’s usually, ‘Hey, if you want to talk further, go to this link on this website, and you can see all my pictures there,’” Satnam Narang, a senior security response manager at Symantec who’s written about the phenomenon, told me.Some spammers set up accounts for made-up sex workers, posting sultry photos overlaid with explicit price lists, along with fake escort service links actually pointing to porn sites and dubious premium dating services of the “hot girls in your area” variety.A not-so-suble old style fake prostitute spam account.Screenshot by the author Occasionally, they’d market more family-friendly products as well.A set of Tinder spam bots, masquerading as women to promote the mobile strategy game Castle Clash, drew media attention last spring after spamming users with the unlikely promise to date men who could beat them at the game.But lately, many Tinder spammers’ approaches have grown subtler.