Tactical Information Systems
Biometric Identification Software
SERVER.png

Tactical Information Systems Blog

Identity & Technology

Bots & Scammers in Online Dating

I decided to run a little experiment at a prominent online dating site focusing on "Sugar Daddies". If you aren't familiar with the concept, this is a site run primarily for men who have money and want to attract women (typically young) who want to be taken care of and pampered. I'll leave it at that and you can make up the rest of the story yourself.

I created an account at this site and did the absolute minimum I could to get through the sign-in process. In this case, I put in my birth date, what I was interested in, and my marital status. I am happily married, but I put in "divorced" in order to be a little bit more like men using the site. (I did clear this with my wife, who is tolerant of my experiments, but not happy). I did not upload a picture, even though the site encouraged me to.

Seriously, my wife is fine with this.

Seriously, my wife is fine with this.

Once I completed this very quick sign-up process, I was encouraged to pay for "enhanced" membership. I wouldn't be able to receive messages unless I paid. I ignored this plea, browsed a bit and logged off.

Within the first 24 hours, I received about 12 emails from the site saying that users were sending me messages, and I should sign up for paid access in order to receive the messages. I ignored this, and got a couple of emails a day, eventually tapering off to nothing. After a couple of weeks, I showed the site to my wife in order to comfort her that I was being honest (it didn't help). Curiously, after logging in again, I got more emails about messages from people who wanted to contact me.

Bear in mind that these messages are supposedly coming from people who want to contact me solely based upon my birthday and the fact that I am divorced. I was skeptical to say the least.

After about a month, I got this email:

"Maybe you forgot to check your inbox or maybe you can't remember your user name or password and therefore could not check your messages. There are 17 members who have sent you messages and they are all waiting to hear back from you. One of them could be the perfect SugarBaby for you, the one that you've been hoping to find."

Infuriatingly, they included my user name and plaintext password.  I understand they were trying to be "helpful" but this is a huge security no-no, even for a dating site. They should not be storing my password in plaintext, which they clearly are, and they should not send it in email in any case.

So I decided to actually cough up some money and pay to see what people were trying to say to me. Here are a few of the messages I got:

"I read your profile, and I liked it, I would be the perfect traveling partner, since I have a flexible schedule. e-mail me if you want to see some pictures."

"If you send me your email..then I will send you a picture of me. I will also tell you much more about myself. Hope to hear from you soon..."

"i am looking for someone that will definitely respect me, something long term would be good and as far as seeing each other i would try to be flexible."

"i like what i read so far, what we're seeking matches up at first glimpse. please email me ..."

"You know im searching in here to find some of the same things your looking for. I just want to be treated well. maybe we should talk more to find out if we're what we want."

You get the idea. Every message is completely generic, which makes sense because there is nothing on my profile to go on. A few times I got the exact same message from different user names. Each message was accompanied by an attractive picture of a woman. I ran a few of these through Google's reverse image search and every one popped up as being publicly available.

Clearly, this is online dating fraud. These accounts are either bots or scammers, although it is impossible to tell from this end, which is which.