Online security tips for Valentine's Day: how to beat the cheats

Online security tips for Valentine’s Day: how to beat the cheats

Valentine’s Day is upon us once more, and so are lots of dating-friendly security tips. Read on and secure your profile, alongside (one hopes) the love of your life.

1. Not so hot singles in your area

Many dating apps have geotagging enabled, regardless of whether you created your profile on a website or through the app itself. Some dating sites base the location you initially enter to serve up a list of possible matches within a certain radius, but they don’t display the location info on your profile.

Get familiar with the granular controls on the dating site’s settings and make sure you understand the differences. Many mobile apps aren’t hugely clear about which thing does what, so if in doubt, disable a particular feature until you can be 100 percent sure. As a side note, ensure you don’t have geotagging enabled on any photographs you upload. If in doubt, use a picture from a public location away from your main residence. You can also use online tools to check what EXIF information is stored in images you want to use and remove it if needed.

You’ll find some additional practical advice in terms of real world security on the Selfie Security blog we posted a while back. You should pay particular attention to not including location specific items in your photograph(s), such as bills with your address on them. Of course, if you want to enable geotagging then go ahead—just be mindful of the issues that could arise. The easier you are to find, the easier it is for that one terrible date you had to hang around your home, workplace, or just generally trail around familiar locations and become a major nuisance. We see many cases of stalking due to jilted hangers on from dating apps—don’t fall into this trap.

If stalking does happen to you, go to your local police department and let them know what’s happening. Depending on how much information the other person has, it may already be too late to go on blackout, but you can at least let those in authority know that somebody is pestering you.

2. Money thieves in your area

Scammers setting up fake profiles then asking for money is astonishingly common, and it’s all to easy to be taken to the cleaners as a result. Just like 419 scams, romance fakers often use templates—or just lazily cut and paste Bot spam to reuse for their own purposes—and fans of dating sites should get into the habit of Googling common phrases, just to see if someone else is saying the same thing. If Steven J. Fakename is posting identical romantic overtures on six different sites, you can be sure it’s time to move along.

With regard to common scam angles, watch out for anything related to:

  • Sick relatives
  • Medical emergencies
  • Lost overseas and need a plane ticket
  • Lost passport and need a visa/replacement passport
  • Wallet stolen and no funds available
  • Coming to visit, but there’s a last minute ticket price hike and I need your help

On a related note, don’t ever let strangers send money to your bank account for any reason. They’ll probably get you to forward the cash on to someone else, and at that point, you’ve become a money mule.

That’s a criminal offence, and you really don’t want to be doing any of those.

3. My other profile is also in your area

Be cautious around links sent your way that direct you to another website, and be particularly careful around links to downloadable files. Scammers will often try and remove you from the relative safety of the service you happen to be using, directing you to links and files that the dating site you started with can’t hope to contain. That’s been a staple attack on social media sites for many a year, but it works with dating too.

If someone sends you shortened URLs, you can usually expand them to see where they end up. If you’re still not sure, try googling the link. If still nothing comes up to allow you to make an informed decision, you should just ignore whatever you’ve been sent—it isn’t worth the risk. You’ll probably want to block and report the sender while you’re at it.

4. Personal information in your area

Don’t put your real name, age, or location in your profile, email, or anything else related to the dating site you’re on. Anonymous usernames are fine. You should also use a disposable email address when you sign up to a new dating service—not only will this keep people you’d rather not stay in touch with away from your main mailbox, it’ll also be obvious if a dating site decides to sell your email to spammers. This is a good trick to use outside of online dating, too. Of course, the less personal information you put on a dating profile, the more likely it is that potential suitors may simply move on. As with everything, the decision is yours.

5. Bots in your area

If you have an open private message system, you’ll likely receive many, many messages from people wanting to chat. Some dating websites will also send multiple daily messages to users via email claiming that persons x, y, and z would like to talk to you. They may even ask about cookie dough (and it better be delicious considering the eventual $118.76 monthly fee). Most dating bots will cycle through a canned script of a dozen or so phrases before claiming you need to be “verified” in some way. This will inevitably lead to a request for payment information.

Don’t do it. If in doubt, contact the service you’re using and ask them about it directly. You’ve probably seen examples of this on blogs about Skype spam.

Bots will advertise everything from pornography to mobile games, and spammers commonly use images ripped from the net for their profile avatars. You can try and see if the picture is a stock photo by using the “Search Google for this image” option in your browser, or fire up TinEye to see what’s out there.

Bot accounts probably won’t have a realistic looking bio, or have links to profiles on popular social networks. If it looks cookie-cutter, there’s a good chance it might be. Feel free to see if they pop up across the web anyway and you’ll quickly learn if they’re one of a kind or part of a wave of identikit bots. The bottom line is that nobody is going to start sending you random messages that you’re their hero and can we get married in 10 minutes please, so approach any and all conversations with a healthy dose of skepticism from the outset.

6. Dubious pics in your area

Be wary of people asking for intimate photographs and/or video, as this is a surefire way to find yourself blackmailed into handing over lots of money. If you do pay the blackmailer, there’s no guarantee the images won’t be leaked anyway. There’s also the issue of revenge porn to consider, and the legal issues that will inevitably arise as a result.

Put simply: don’t do it. Again.

Even with these precautions in place, problematic pieces of tech, such as the recent Deepfakes furore ensures that anyone placing even a few dozen images or video online could end up in a (fake) pornographic movie. Given that people tend to place many, many photos of themselves in their best light on dating pages, along with the occasional movie clip, it might be an idea to at least roll back the volume of photos you have of yourself online.

Hopefully, the above will help to keep you out of trouble while swiping left, right, up, and quite possibly down. Here’s to a safe online Valentine’s Day experience for everybody.


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.