Upload
mason-toups
View
81
Download
5
Embed Size (px)
Citation preview
The Online Dating Scam Project
By Mason ToupsOctober 28, 2015
Background InformationThe objective of this project was to learn about
the dangers of dating sites.I signed up for a variety of popular dating sites
like Plenty of Fish, OKCupid, Badoo, and many others.
I also signed up to dating sites referred to as hookup sites with the sole objective of “getting lucky”(You know…)
I gave myself a 3 week period to interact with the users of these sites.
My profile was a single man of 22-60, in college, looking for a long term or just meeting up for casual fun (you know..)
The Shady FindWhile finding sites to sign up to I found one
of the popular dating sites had a page, advertising sites dedicated to a mission completely opposite of their own objective
I signed up to these two sites listed on the “get lucky” personals page
The Personals Ads
The Shady FindThe two sites I signed up to will be referred
to as: adulthookups.com and motherlyhookups.comBased on the fact that the two sites had the
same exact scenario, same exact webpage, same design and same scheme. I will only be using motherlyhookups.com, throughout the rest of the presentation
The Seedy Side of Hookup SitesMany are filled to the brim with bots and fake dating
profiles
Many ask for immediate payment before accessing the site’s features (messaging, enlarging photos, etc.)
Many have a Privacy policy that states should you chose to participate on the site you agree to let them use photos you upload, pretty much however they like. (Yes your nude photos. What if they put your nude photo on the front of an ad on a very visited site….)
Observation of motherlyhookups.comThe site had next to few or no dating profiles
that were realThe images were fabricated or pulled from
random sites, many of the photos were not from real members, but of models and actors
As soon I signed up to the sites I was slapped in the face with a “pay me!” screen
Multiple Links from One Photo
Pay Me! Screen from motherlyhookups.com
Filled with bots and contractors and admits to doing so
What are the Important Terms of Use?motherlyhookups.com says that all their
profiles marked with “Online Cupid” indicate they are bots or paid contractors as said in the Terms of Use and Conditions
By using the site you agree to the termsMembership is non-refundableYour uploaded photos can be used by
motherlyhookups at their discretion
What’s the problem?Many people don’t read fine print so many
will think these are real profilesTo even contact the member you have to shell
out moneyThis tricks many people to pay for
membership to contact the member, that is 21, and is so interested with meeting up with a 51 year old man….
When you pay you realize there is nothing of substance on the website
My Interactions with motherlyhookup.comWell I interacted with the site like a normal
user would and interacted with the site for less then 3 days when I get a internal site IM message from a supposed real member named Anna
She said to add her on Skype, cause she has some “tricks” she wanted me to see.
The Conversation with Anna over Skype
The Conversation with Jessica over Skype
After the ConversationWell after the conversations, the
investigating began
With the goal being to find out if the two dating sites I signed up to were fronts for a scam
Methods Followed• Not only did I communicate with Anna, but with other “real”
profiles on motherlyhookup.com as well, all to gain more data pointing to potential sites or users trying to scam
• The first part of my investigation was to track and record IP addresses of the usernames, the websites and the links sent to me through IM Messaging, and research the two websites I signed up to
• I tracked IPs down using reverse IP lookup tools, which also gave me an approximate location of where the IPs come from
• The next part was to figure out how the IPs were related and how they were linked together, were they associated with motherlyhookups.com and other sites linked to it?
• Finally to see if maybe these sites were hijacked, or attacked, I checked the HTML and Javascript, for vulnerabilities with my basic knowledge of HTML and Java I did not find this to be the case, though an expert in HTML and Java would be needed to find out for sure.
Anna
Jessica
The customer support also handled by Jessica?
One of the Transaction Sites Support Page
Transaction Support Site Hostility
The Outcome Based on the links sent to me and after going through the payment process, I’ve verified
that I’m being scammed into purchasing membership, or submitting credit card credentials
Based on looking up complaints and other people who may have used the site, I’ve verified that the site is known for scamming people
The links sent to me via Skype IM with Anna were found to be linked to motherlyhookups.com
Jessica was found to be attempting the same scam method and same introduction lines as Anna, linking to the same websites as Anna, therefore I consider Anna and Jessica to be the same entity.
The transaction sites used to process transactions from the two dating sites were also found to be fake
Based all of the above information I’ve strong evidence that shows both adulthookups and motherlyhookups are websites made to be a front for scams.
Based on using the motherlyhookups.com’s “search for members” feature I found about two females and 72 males in the entire state of TX that had verified, authentic photos
Both Jessica and Anna attempted to get money sent to the Philippines The actual dating sites were linked to web servers hosted in different parts of the world,
but the money was always somehow linked back to the Phillipines
Even if they don’t get my money…They can still win by selling personal
information.