The FTC is warning members of the LGBTQ+ community about online extortion via dating apps such as Grindr and Feeld.
According to the American watchdog, a common scam involves a fraudster posing as a potential romantic partner on one of the apps. The cybercriminal sends explicit photos of a stranger while posing as them, and asks for similar ones in return from the mark. If the victim sends photos, the extortionist demands a payment – usually in the form of gift cards – or threatens to share the photos from the chat with the victim’s family members, friends, or employer.
Such sextortion scams have been going on for years in one form or another, even attempting to hit Reg hacks, and have led to suicides.
Crooks can also take another approach.
“Other scammers threaten people who are ‘closeted’ or not yet fully ‘out’ as LGBTQ+,” the FTC wrote in an advisory. “They may pressure you to pay up or be outed, claiming they’ll ‘ruin your life’ by exposing explicit photos or conversations. Whatever their angle, they’re after one thing — your money.”
This extortion is the latest example of criminals using an event to target their victims: Pride Month, which marks the anniversary of the 1969 Stonewall protests in Greenwich Village in New York City following a police raid on a bar. It was the tipping point for the gay pride movement.
The FTC for months has worked to make LGBTQ+ folk aware of scams that target their community. The latest blast from the agency is similar to one sent out in September 2021. In addition, last month, as part of National Consumer Protection Week, the FTC asked LGBTQ+ people to report scams to educate more than 3,000 law enforcers and to help the agency get the word out to protect others.
“Scammers often like to impersonate familiar people, organizations, and companies that we know and trust,” the agency wrote. “For the LGBTQ+ community, that can include ‘safe spaces’” where people can freely live their lives.
The regulator earlier this month reiterated that dating apps are among the most popular ways scammers target LGBTQ+ members, as well as job boards aimed at helping those in the community find welcoming employers.
More generally, the FBI for several months has talked about the rise in online romance-related scams. In September, the bureau said such schemes usually include initial contact through dating apps or other social media sites and, through creating an online relationship with the targeted victim, the scammer pitches a cryptocurrency investment or other trading opportunities promising significant profits.
According to the FBI, between January 1 and July 31, 2021, there were more than 1,800 complaints filed about romance scams that cost victims about $133.4 million.
In March, the FBI in its 2021 Internet Crime Report said that confidence fraud and romance scams took the third-highest financial toll on victims in 2021, resulting in more than $956 million in losses.
Nicole Hoffman, senior cyberthreat intelligence analyst with cybersecurity vendor Digital Shadows, told The Register that romance scams are among the most common financially motivated cybercrimes, preying on emotions and relying on social engineering.
However, these sextortion scams being perpetrated on the LGBTQ+ community through dating apps are different, with crooks using fake profiles to trick victims into compromising themselves by sharing explicit photos that are then used against them. Such schemes have been around for a while, though they became more widespread during the COVID-19 pandemic, Hoffman said.
“It is not always easy to spot these fake profiles because there are several websites online that will create fake personas including names, email addresses, employment, family, personal interests, etc.,” she said in an email.
“To avoid these types of scams, be careful not to overshare on social media and dating apps. Look out for red flags such as requests for money or pressure to share photos or videos. Avoid using your webcam as attackers can use the footage against you.”
Patrick Harr, CEO of anti-phishing firm SlashNext, told The Register his company has Pride Month threats in its database, most of which are scams for streaming Pride events or scams on the Fansly fan site.
“Phishing tends to spike during holidays and events,” Harr said. “Given that Pride Month continues to grow in popularity and this year in-person events are back, seeing growth in phishing correlates as opportunities for cybercriminals.”
The FTC also warned people not to share personal information with someone they just met on a dating app, to check out the person they’re talking to – including running reverse image searches of the profile picture to determine if it’s associated with another scam – and not to pay the extortion money. There’s no guarantee the extortionists will destroy the images, and they are likely to come back for more.