13 July 2016

How not to get scammed on Tinder

| Chris Mordd Richards
Join the conversation
23
Internet Dating Scam

And how to get back at the bastards if it does happen to you.

Part 1 – The victim is ensnared

A few weeks ago I started using Tinder for the first time. Got some matches, had a few fairly non-eventual conversations, until that is I met Shaniqua. She seemed interested in me, we had some stuff in common, but she told me she didn’t like Tinder much and was going to delete her profile soon, so could we chat on Skype instead? Now while that might seem innocent enough – this is actually Step 1 in the scammers playbook. For them to properly ensnare you, they can’t do it on Tinder chat itself – it makes it too easy for Tinder to ban them later when you report the user. more on that in Part 2 – Getting Revenge.

So in my naivety, I said yes, no problem, let’s chat on Skype. So I messaged Skype user Munchkinnn212 and we continued chatting. The conversation quickly turned sexual, and I thought hey I’m up for a bit of sexting no probs, so we continued. Then she said she wanted to meet up – again this should have been a warning sign in hindsight, but I had heard stories from friends about Tinder “hookups” happening exactly like I was experiencing myself, so I didn’t think anything out of the ordinary.

That is when she laid the trap – to meet up, first all I had to was verify my age using a free website. At this point I should have realised something was up, but I am naive in love and I let myself believe that everything was normal. So I went to the site, http://www.verify2meet.online/ (also http://www.verify2meet.site/) – do not try and go there, it has since been taken offline, more on that in Part 2. So I checked out the site, it clearly proclaimed itself as a Free Age Verification site, all you had to do was enter you credit charge and you would be approved. I carefully checked the T&C’s on the site, and it clearly specified no charge would be made to my card, etc … It was all very legitimate looking and I let myself be taken in.

So I entered my credit card details and clicked accept, and it immediately redirected me to a porn website. This is where the alarms bells finally went off for me. I tried messaging the girl I had been talking to and of course got no response. I was already on the phone with Westpac 24 hour card services waiting to be connected as well. I told them what I had done and asked them to put a block on my card, but it was too late. A charge of US $39.99 had been made to my card, which was $51 something out of my account. This was actually good news, at least it wasn’t a massive amount, I could deal with losing $50 temporarily while I sorted things out, but a bigger charge would have wiped me out. I had them block the card anyway and have since had the card cancelled and replaced with a new card with a different number, so it’s useless to the scammers now.

Part 2 – Getting Revenge

So how was I going to deal with all this? I wasn’t taking it lying down, so I swung into action. First I checked my email, and sure enough I had an email from a website called IDreamofPussy.com – NSWF – do not visit, I have not linked it for a reason. They were the ones who had charged my credit card. So I tracked down contact info for them. First I sent an email demanding a refund. This bounced back undeliverable due to my email server IP being on a scam blacklist – something my host later confirmed to me was a scam in and of itself. Next I found a phone number for them, and calling got onto a 3rd party operator in the States. I explained what had happened and demanded a refund, and he assured me he could process this for me. So that was reassuring, but I still wasn’t sure he wasn’t just lying to me, I would have to wait and see.

Meanwhile I got to work on dismantling the network the scammers had used to target me with. First I reported the user in Tinder and fired off an email to Tinder customer support. I debated doing the same with Skype but realised they were unlikely to act, so I left that alone and moved on to the next target.

Some googling led me to the information that the website they had used was hosted by Amazon Web Services. So I sent off an email to ec2-abuse@amazon.com outlining the situation and asking them to look into it. At first they ignored me and said there was nothing to look into, but I wasn’t taking that for an answer, and kept sending them more emails with more evidence and demanding they escalate the investigation to a senior representative.

Today my persistence with Amazon finally paid off. The website the scammers used has been shut down. Yes they will move to a new host sooner or later, but for the moment they have been reminded that legitimate hosting services like Amazon will not facilitate illegal scams like this being carried out on their service and for the moment are offline. I would like to commend Amazon for acting (in the end) to do the right thing.

Dear *****,

Please accept our apologies for the long delay in responding to your last emails. We have done additional research into this issue. Our privacy policies do not permit the discussion of our mitigation strategies, but you may be pleased to know that the site reported to be hosted on AWS, verify2meet.online, is no longer live. We hope that this addresses your concerns. Please let us know if we can be of further assistance.

Warm Regards,
Amazon Web Services

So far so good. However the Tinder profile that started all this is still online. Although their ability to scam people for the moment just got cut off at its knees with no website they can use to harvest CC information via. I have sent off yet another email to Tinder support outlining Amazon’s actions and requesting again that they ban the user and ban their IP address. Hopefully now that Amazon have acted Tinder might be willing to take me more seriously. Frankly I am disappointed that when you point out to them that someone is using their service to scam their users, they don’t seem very interested in doing anything about it, which is a shame. However I am not giving up yet, and with persistence I’m confident I can get Tinder to act.

So the lessons here are, there are scammers on Tinder. If someone asks to take the conversation off Tinder – be very very wary, you are much safer as long as you keep using the Tinder platform until you are really confident about who the other person is. If you really must take the convo off Tinder, insist on Facebook chat not Skype or something else, this makes it easier to report it if something goes bad later as Facebook safety team are pretty good. Last lesson is if they link any website to you to visit – do not do it. Age verification websites are mostly a scam, if you get asked this end the convo and report the user and keep yourself safe, learn from my stupid mistake.

Note I have used the real Tinder and Skype username in this piece as it’s important to know they are not who they say they are if you come across them yourself. Shaniqua is still showing up in people’s matches in the ACT using Tinder, so watch out for this profile if you match with it.

Just remember though, scammers like these rely on their victims being too ashamed to do anything about it. But you can do something about it, even if its nothing more than report it to ScamWatch – https://www.scamwatch.gov.au/report-a-scam – (which I did as well, although I can’t update them now about Amazon taking the site down so there’s probably not much they can do anymore with my report). I wasn’t willing to just be a victim though, so I acted and got the site shut down. That is the best outcome I can think of. I also got the credit card charge refunded, so I am not out of pocket either.

I was naive and made a mistake, I am hoping that by sharing my story with you all I can help prevent scammers like this from taking other people in. Internet dating has changed things a lot for our generation, and we need to be aware of scams like this that prey on hapless lonely singles. Share this with your friends and make sure no-one you know ever falls victim to a scam like this. As a last note, if you google “verify2meet scam” it becomes very obvious that it is indeed a scam. Just a pity I didn’t do this myself at the time.

Update: The sites they use are back online, they have signed up another Amazon hosting account and put them back online. I have emailed Amazon again alerting them to this and to take action on this new account. The game of whack-a-mole begins. I have reported it again and it has been taken back down. They again signed up another AWS (Amazon Web Services) account and put the site back online again. I reported it to Amazon again and it was taken offline. I have requested that they look into some way to block the domain name from ever being added to an AWS account again and they are looking into it. For the moment I keep reporting them every time the site goes back and Amazon takes it offline again. They will get bored eventually and change hosts, im just curious to see how long that will take at this point.

Join the conversation

23
All Comments
  • All Comments
  • Website Comments
LatestOldest

It took me a while, but I finally convinced the family to let all phone calls go through the the answering machine. A good way to screen out telemarketers, and people you just don’t feel like talking to at the time. It’s funny how so many people are conditioned to answer the phone as soon as it rings – Pavlov would be pleased.

You can report these scams, but I doubt anything will be done apart from compiling statistics. You need to take action to protect yourself.
Despite being on the Do Not Call Register I received numerous scam telemarketing calls. Initially, the phone would ring, if I picked up, the caller would hang-up. Strange. Then later there would be a short delay before the call was diverted to a person with an Indian accent. More and more calls started coming in. ‘Sir, your computer has a virus.’ ‘This is the Accident Call Centre and I would like to speak to the person in the house who had a car accident. ‘Good morning, today we have a special offer on an improved phone service.’ etc
The phone calls are initiated by an automatic calling device that rings numerous numbers at random, or targets a locality, to detect which numbers are answered. Phone numbers that answer are passed or sold onto telemarketers. Those that don’t answer are rung multiple times until they do answer (around dinner time). Numbers that are disconnected are not called again. The calling robot detects the unique disconnected phone sound (be-be-beeeep) and terminates the call.
So you have to persuade the scammers you don’t exist by having a disconnected number. To do this install a phone disconnected message to answer all incoming calls. You can download phone disconnected sounds to record onto your own answering machine. The start of the answering message is the phone disconnected sound, then record your own message. So far working well. Not ideal, but that’s the world we live in and better than getting hostile with them. Now I mostly just get calls from friends and family.
This might also upset the business model of market research/survey/polling companies with their loaded questions.

justin heywood2:19 pm 12 May 16

Lurker2913 said :

Because of these scams I often now mistrust emails from my genuine phone provider and will ring them ..

Yep. We’re all victims of the scammers, not just the gullible. Scammers have damaged our major forms of personal connections and made us retreat just that bit further into our own little worlds.

Nobody trusts an unsolicited email or phone call, and even legitimate websites are viewed with suspicion. Imagine working for legitimate companies and trying to contact a customer.

“Hi. I’m Zack from Microsoft”. click!
“Hello, it’s Justine from Telstra. I’m not trying to se..” click!
“Hi, I’m Bill from the Tax Office. How are you going toda..” F@#% Y#%!!!

Not to mention the plight of genuine Nigerian businessmen and truly lovelorn Russian women.

Because of these scams I often now mistrust emails from my genuine phone provider and will ring them in answer to an email rather than respond to the email. So far, these emails have all been genuine. If other people are now ringing the phone company like me because they are worried these emails might not be real, this will be giving more work to the phone companies, so these scams have an indirect affect on them too.

Affirmative Action Man9:30 am 12 May 16

Mate when a name like Shaniqua popped up I would have run a100 miles.

Mordd said :

They should be reported to the Australian Cybercrime Online Reporting Network
http://www.acorn.gov.au

I recently started getting phone calls on my mobile from the “The Australian Taxation Office” telling me I was about to be arrested and to ring a number. (Local ACT number).
Needless to say the number rang through to an Indian bloke called “David”. My next call was answered by an Indian bloke called “Nathan”. My next 25 calls were answered by various Indian blokes called “Is that you again”, “Stop calling us”, “@%$@”, and so forth.
Each time I said to them, “Please just hold the line, I’m just trying to trace the call.” They got super-annoyed. Haha.

Anyway, I struggled to work out how to report the scam – the number is clearly a local number. I checked the register and it is part of a block of numbers owned by a Sydney telecomms reseller – I rang them and my call was answered….by an Indian bloke. He wasn’t even faintly interested that a number his company owned was being used for criminal purposes. I wonder why….
Scamwatch wasn’t interested, because they said they are already aware of it and the information is already on their website – what use is that?
The Police aren’t interested, they just told me to talk to Scamwatch.
ACMA seemed promising, but they mostly tried to shift the buck elsewhere, although at least they had a webform where I was able to list the number, to confirm that dialling it gave me scammers, and that it was an Australian number owned by an Australian company.
ACORN also had a webform, but it didn’t seem to understand that criminal frauds perpetrated using a telecomms service are also cybercrime. (It’s bound to be using SIP to connect it to the dodgy Indian call centre).

All in all, we don’t seem to be setup to stop this stuff – ACMA should be serving a notice on the Sydney telecomms reseller giving them 24 hours to stop facilitating crime, similar to the legislation they introduced in about 2000 which put a complete stop to Australian-generated email spam.

I get scam emails supposedly from PayPal. They usually say that my account has been limited to $10.00, and if I want the limit raised or removed I have to click the link in the email. The link has the proper PayPal account link written, but if you put the cursor on it the URL in the bottom left corner has a completely different URL. The actual page has the artwork and formatting of the PayPal account page but the giveaway is the fact that it is the UK Paypal page, and PayPal directs all Australian users to the Australian site. This scam is so widespread that I routinely delete every email with PayPal in the sender field, even the authentic ones.

Steven Bailey said :

Mordd said :

Could have been worse. There is a far more insidious scam going around online dating services, from what I understand it goes something like this:
1) account user makes contact and agrees to meet up in person with the unsuspecting target
2) after a few dates, usually paid for by the unsuspecting target, account user demands to know where relationship is going, at which point the unsuspecting target is coerced into a shared living arrangement
3) unsuspecting target takes on increasingly larger proportions of living expenses
4) account user demands increasingly expensive gifts, ultimately seeking a diamond ring
5) account user takes half of the unsuspecting target’s assets

That scam’s been around since about 40,000BC. I can’t believe nobody’s shut it down yet.

Indeed.
Those people contemplating same-sex marriage should take note.

Citizen Phil9:09 am 11 May 16

You use WHOIS tools like [https://who.is/] [https://whois.icann.org/en] [https://www.whois.net/] which will tell you a bit more about who setup a domain. Mostly the information is private but you can find out some information of where the domain was originally registered.

Apologies as I missed yesterday the information from WHOIS regarding Namecheap being tied to those sites as domain registrar, that’s who I should have mentioned yesterday. I just posted the name servers which in full are dns1.registrar-servers.com up to dns5. My bad for missing that and the fact you’d already posted the scamwatch information.

But I’ll echo Miz and say good work and keep at em. I’m keen to read your updates now and if I can offer anything else I’ll pipe up. Good luck 🙂

Mordd said :

Could have been worse. There is a far more insidious scam going around online dating services, from what I understand it goes something like this:
1) account user makes contact and agrees to meet up in person with the unsuspecting target
2) after a few dates, usually paid for by the unsuspecting target, account user demands to know where relationship is going, at which point the unsuspecting target is coerced into a shared living arrangement
3) unsuspecting target takes on increasingly larger proportions of living expenses
4) account user demands increasingly expensive gifts, ultimately seeking a diamond ring
5) account user takes half of the unsuspecting target’s assets

Hahaha, good one!
Or, in the alternative scenario, ‘unsuspecting target’ racks off with another ‘account user,’ leaving the original account user in difficult financial circumstances – though I guess they still have the diamond ring to hock

Servers.com says they have nothing to do with the sites:

Hello,

None of the websites http://www.verify2meet.com, http://www.verify2meet.site & http://www.verify2meet.online is hosted in our network.

Where did you get the info from that they did?

madelini said :

The name Shaniqua wasnt the first tip off that something was amiss? Shaniqua is a go to name people rattle off when using a typecast “typical ridiculous black girl” name in jokes/memes etc.

I wasn’t aware of that until know, thanks for the tip!

rosscoact said :

Thank you Mordd for having the courage to share your experiences and the persistence to sic the perpetrators at least temporarily.

You’re welcome, it is embarrassing for me to admit publicly (even under my pseudonym) that I got taken in like this, I consider myself very web savvy and this is the first time i’ve ever fallen victim to an online scam, but this just shows how insidious they are getting and how even smart people who know better can still be taken in with the right set of circumstances. I sincerely hope that by sharing what happened to me I can help stop it happening to someone else.

Neil34 said :

Both sites are registered with https://www.servers.com, they’ll have more bite then AWS in this situation. But you’re going at this from the wrong angle, they have hundreds of domain extensions to keep changing to, .cloud, .club, .life, .online, etc. before they even have to think about changing the actual name of the site and just redirecting their traffic all around the place. No offence but your game of whack-a-mole with them will just make them better at their scam.

Try http://www.scamwatch.gov.au/ or http://www.ic3.gov/default.aspx and have them properly investigated. You’ve been scammed, got lucky because you were quickly onto it, but there will be hundreds if not thousands of others getting scammed like you and not reacting like you did. Help them by taking the scammers down properly.

Think about it like this, if you got robbed and the robber jumped in an Avis rent-a-car to escape in, you wouldn’t ring Avis and say please don’t rent them any more cars, you’d ring the police.

If it wasn’t AWS it would be Google’s or Microsoft’s or some other cloud platform out there. It’s not their fault, this is the price we pay for having freedom to publish whatever we want on the internet.

Sure hit the scammers hard if you’ve been ripped off but do it properly, and maybe be a little more careful online as well. Remember it’s always your fingers that punch in your credit card details.

I had already reported it to Scamwatch as I advise to do in the article. I have now also reported it to the IC3 website. I looked up Servers.com, and while I can’t quite figure out exactly what they do for these guys, nor was I able to actually confirm they are customers of Servers.com (how did you work that out? i’m keen to know!) I did however send off a polite email to them on the basis of your post informing them of what the site is and that they are apparently customers of their and asking them to look into it and take any appropriate action. Will see what happens with that. Thanks for the information. And yes I realise my “game” with reporting them to Amazon is somewhat pointless, as you say there are now hundreds of domain name extensions they can potentially use and plenty of places for them to host, including ones that wouldn’t shut them down like Amazon. I am determined however to make life as annoying for them as I can in whatever way I can at the moment, so that’s what I am doing.

deleted – when trying to edit it destroyed the layout and made it unreadable, posting again.

Not sure why you didn’t think you would get any response from Skype. My experience with Microsoft (their owner) has been that they have been very good at addressing this type of thing.

They should be reported to the Australian Cybercrime Online Reporting Network
http://www.acorn.gov.au

Thankfully, I am way past seeking a partner. Not sure I would want to hook up with someone via the mobile phone!

However… probably nobody on here remembers the early 1980s in Canberra when advertisements in Saturday’s Canberra Times for a “singles party” at people’s homes was all the go! I even had one at my place. All above board but “somebody” stole my Kenny Rogers (“Lady”) cassette.

Those where the days. One left the front door open in Summer to let the cool breeze through. I felt very safe in Canberra having moved here from Sydney where my place was like Fort Knox!

As with any website where you converse with strangers, you need to keep your wits about you. Basic rule of thumb is that if someone you don’t know is asking for your credit card details, probably don’t give them (and especially not through a random website).

If a real person on Tinder wants to move the conversation away from the app, the usual course of action is to swap mobile numbers – or suggest that you will swap numbers if you get along in person.

Mordd said :

Could have been worse. There is a far more insidious scam going around online dating services, from what I understand it goes something like this:
1) account user makes contact and agrees to meet up in person with the unsuspecting target
2) after a few dates, usually paid for by the unsuspecting target, account user demands to know where relationship is going, at which point the unsuspecting target is coerced into a shared living arrangement
3) unsuspecting target takes on increasingly larger proportions of living expenses
4) account user demands increasingly expensive gifts, ultimately seeking a diamond ring
5) account user takes half of the unsuspecting target’s assets

That scam’s been around since about 40,000BC. I can’t believe nobody’s shut it down yet.

Anyone who has an account with GoDaddy may get an email from them which appears to be very genuine (even has the correct phone support number and customer number).
The email address: notice@e.godaddy.com is false.
The body of the email invites the customer to “set up auto-renew now” which is the “baited hook”.
When I phoned the real GoDaddy they confirmed it was a scam but couldn’t explain how the scammers had obtained customer numbers.
This is nearly as good as the regular “Australia Post missed delivery scam emails”.

devils_advocate11:55 am 10 May 16

Could have been worse. There is a far more insidious scam going around online dating services, from what I understand it goes something like this:
1) account user makes contact and agrees to meet up in person with the unsuspecting target
2) after a few dates, usually paid for by the unsuspecting target, account user demands to know where relationship is going, at which point the unsuspecting target is coerced into a shared living arrangement
3) unsuspecting target takes on increasingly larger proportions of living expenses
4) account user demands increasingly expensive gifts, ultimately seeking a diamond ring
5) account user takes half of the unsuspecting target’s assets

Citizen Phil11:00 am 10 May 16

Both sites are registered with https://www.servers.com, they’ll have more bite then AWS in this situation. But you’re going at this from the wrong angle, they have hundreds of domain extensions to keep changing to, .cloud, .club, .life, .online, etc. before they even have to think about changing the actual name of the site and just redirecting their traffic all around the place. No offence but your game of whack-a-mole with them will just make them better at their scam.

Try http://www.scamwatch.gov.au/ or http://www.ic3.gov/default.aspx and have them properly investigated. You’ve been scammed, got lucky because you were quickly onto it, but there will be hundreds if not thousands of others getting scammed like you and not reacting like you did. Help them by taking the scammers down properly.

Think about it like this, if you got robbed and the robber jumped in an Avis rent-a-car to escape in, you wouldn’t ring Avis and say please don’t rent them any more cars, you’d ring the police.

If it wasn’t AWS it would be Google’s or Microsoft’s or some other cloud platform out there. It’s not their fault, this is the price we pay for having freedom to publish whatever we want on the internet.

Sure hit the scammers hard if you’ve been ripped off but do it properly, and maybe be a little more careful online as well. Remember it’s always your fingers that punch in your credit card details.

Thank you Mordd for having the courage to share your experiences and the persistence to sic the perpetrators at least temporarily.

The name Shaniqua wasnt the first tip off that something was amiss? Shaniqua is a go to name people rattle off when using a typecast “typical ridiculous black girl” name in jokes/memes etc.

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.