And how to get back at the bastards if it does happen to you.
Part 1 – The victim is ensnared
A few weeks ago I started using Tinder for the first time. Got some matches, had a few fairly non-eventual conversations, until that is I met Shaniqua. She seemed interested in me, we had some stuff in common, but she told me she didn’t like Tinder much and was going to delete her profile soon, so could we chat on Skype instead? Now while that might seem innocent enough – this is actually Step 1 in the scammers playbook. For them to properly ensnare you, they can’t do it on Tinder chat itself – it makes it too easy for Tinder to ban them later when you report the user. more on that in Part 2 – Getting Revenge.
So in my naivety, I said yes, no problem, let’s chat on Skype. So I messaged Skype user Munchkinnn212 and we continued chatting. The conversation quickly turned sexual, and I thought hey I’m up for a bit of sexting no probs, so we continued. Then she said she wanted to meet up – again this should have been a warning sign in hindsight, but I had heard stories from friends about Tinder “hookups” happening exactly like I was experiencing myself, so I didn’t think anything out of the ordinary.
That is when she laid the trap – to meet up, first all I had to was verify my age using a free website. At this point I should have realised something was up, but I am naive in love and I let myself believe that everything was normal. So I went to the site, http://www.verify2meet.online/ (also http://www.verify2meet.site/) – do not try and go there, it has since been taken offline, more on that in Part 2. So I checked out the site, it clearly proclaimed itself as a Free Age Verification site, all you had to do was enter you credit charge and you would be approved. I carefully checked the T&C’s on the site, and it clearly specified no charge would be made to my card, etc … It was all very legitimate looking and I let myself be taken in.
So I entered my credit card details and clicked accept, and it immediately redirected me to a porn website. This is where the alarms bells finally went off for me. I tried messaging the girl I had been talking to and of course got no response. I was already on the phone with Westpac 24 hour card services waiting to be connected as well. I told them what I had done and asked them to put a block on my card, but it was too late. A charge of US $39.99 had been made to my card, which was $51 something out of my account. This was actually good news, at least it wasn’t a massive amount, I could deal with losing $50 temporarily while I sorted things out, but a bigger charge would have wiped me out. I had them block the card anyway and have since had the card cancelled and replaced with a new card with a different number, so it’s useless to the scammers now.
Part 2 – Getting Revenge
So how was I going to deal with all this? I wasn’t taking it lying down, so I swung into action. First I checked my email, and sure enough I had an email from a website called IDreamofPussy.com – NSWF – do not visit, I have not linked it for a reason. They were the ones who had charged my credit card. So I tracked down contact info for them. First I sent an email demanding a refund. This bounced back undeliverable due to my email server IP being on a scam blacklist – something my host later confirmed to me was a scam in and of itself. Next I found a phone number for them, and calling got onto a 3rd party operator in the States. I explained what had happened and demanded a refund, and he assured me he could process this for me. So that was reassuring, but I still wasn’t sure he wasn’t just lying to me, I would have to wait and see.
Meanwhile I got to work on dismantling the network the scammers had used to target me with. First I reported the user in Tinder and fired off an email to Tinder customer support. I debated doing the same with Skype but realised they were unlikely to act, so I left that alone and moved on to the next target.
Some googling led me to the information that the website they had used was hosted by Amazon Web Services. So I sent off an email to firstname.lastname@example.org outlining the situation and asking them to look into it. At first they ignored me and said there was nothing to look into, but I wasn’t taking that for an answer, and kept sending them more emails with more evidence and demanding they escalate the investigation to a senior representative.
Today my persistence with Amazon finally paid off. The website the scammers used has been shut down. Yes they will move to a new host sooner or later, but for the moment they have been reminded that legitimate hosting services like Amazon will not facilitate illegal scams like this being carried out on their service and for the moment are offline. I would like to commend Amazon for acting (in the end) to do the right thing.
Please accept our apologies for the long delay in responding to your last emails. We have done additional research into this issue. Our privacy policies do not permit the discussion of our mitigation strategies, but you may be pleased to know that the site reported to be hosted on AWS, verify2meet.online, is no longer live. We hope that this addresses your concerns. Please let us know if we can be of further assistance.
Amazon Web Services
So far so good. However the Tinder profile that started all this is still online. Although their ability to scam people for the moment just got cut off at its knees with no website they can use to harvest CC information via. I have sent off yet another email to Tinder support outlining Amazon’s actions and requesting again that they ban the user and ban their IP address. Hopefully now that Amazon have acted Tinder might be willing to take me more seriously. Frankly I am disappointed that when you point out to them that someone is using their service to scam their users, they don’t seem very interested in doing anything about it, which is a shame. However I am not giving up yet, and with persistence I’m confident I can get Tinder to act.
So the lessons here are, there are scammers on Tinder. If someone asks to take the conversation off Tinder – be very very wary, you are much safer as long as you keep using the Tinder platform until you are really confident about who the other person is. If you really must take the convo off Tinder, insist on Facebook chat not Skype or something else, this makes it easier to report it if something goes bad later as Facebook safety team are pretty good. Last lesson is if they link any website to you to visit – do not do it. Age verification websites are mostly a scam, if you get asked this end the convo and report the user and keep yourself safe, learn from my stupid mistake.
Note I have used the real Tinder and Skype username in this piece as it’s important to know they are not who they say they are if you come across them yourself. Shaniqua is still showing up in people’s matches in the ACT using Tinder, so watch out for this profile if you match with it.
Just remember though, scammers like these rely on their victims being too ashamed to do anything about it. But you can do something about it, even if its nothing more than report it to ScamWatch – https://www.scamwatch.gov.au/report-a-scam – (which I did as well, although I can’t update them now about Amazon taking the site down so there’s probably not much they can do anymore with my report). I wasn’t willing to just be a victim though, so I acted and got the site shut down. That is the best outcome I can think of. I also got the credit card charge refunded, so I am not out of pocket either.
I was naive and made a mistake, I am hoping that by sharing my story with you all I can help prevent scammers like this from taking other people in. Internet dating has changed things a lot for our generation, and we need to be aware of scams like this that prey on hapless lonely singles. Share this with your friends and make sure no-one you know ever falls victim to a scam like this. As a last note, if you google “verify2meet scam” it becomes very obvious that it is indeed a scam. Just a pity I didn’t do this myself at the time.
Update: The sites they use are back online, they have signed up another Amazon hosting account and put them back online. I have emailed Amazon again alerting them to this and to take action on this new account. The game of whack-a-mole begins. I have reported it again and it has been taken back down. They again signed up another AWS (Amazon Web Services) account and put the site back online again. I reported it to Amazon again and it was taken offline. I have requested that they look into some way to block the domain name from ever being added to an AWS account again and they are looking into it. For the moment I keep reporting them every time the site goes back and Amazon takes it offline again. They will get bored eventually and change hosts, im just curious to see how long that will take at this point.