Scamming unsuspecting lovers via dating sites is not uncommon, but people can usually spot a fake profile from a mile away.
Compromising legitimate profiles is a much smarter, albeit more insidious, way to go.
Researchers at the Netcraft Internet security blog discovered 862 phishing scripts making the rounds at popular sites, and only eight of them targeted banks.
MORE: 10 Best Dating Apps The scripts themselves run fairly standard phishing scams.
After acquiring email addresses from members of dating sites, the script sends a message telling members that they need to log into their accounts for any number of fraudulent reasons (usually "account confirmation" or something that sounds equally innocuous).
The email displays a URL to, say, e Harmony, while actually linking to a disreputable site that copies the e Harmony aesthetic and login system.
When users enter their login information, it goes into the hands of malefactors.
The phishers can then log into users' dating profiles, change the password and lock legitimate users out.Phishing for dating sites rather than banks may seem counterintuitive; after all, dating sites hold relatively little in the way of compromising personal or financial information.A user on a dating site may list his or her credit card information, but compared to a bank account with tons of money, a home address and a social security number, the risk/reward balance at a dating site seems unfavorable.However, dating sites provide phishers with a unique opportunity to prey on the emotionally vulnerable.By impersonating a potential partner, building up a relationship online and then claiming to be in financial distress, a cunning phisher could scam a well-meaning but gullible user out of thousands of dollars.This is less efficient than hacking bank accounts, but much harder to trace and potentially much easier to pull off.