They’ve migrated from lewd photos and explicit language to more plausible, girl-next-door-style pictures.And they’ve programmed their bots to try to mimic a normal conversation, hoping to trick users into providing their phone numbers before they realize they’ve been had, security researchers say.“They’re just average pictures of your average girl that you would encounter on Tinder,” said Narang, “so it’s harder to differentiate, ‘Oh yeah, that’s clearly a bot,’ while you’re swiping through.” The newer bots respond more slowly to messages than older automated accounts, which would often contact new matches and conspicuously send flirtatious messages faster than any human could type, Narang explained.
“It won’t happen for about 50 minutes, 45 minutes, then [you’ll] get the message.” And rather than sending explicit messages and advertising links through Tinder itself, the new generation of bots will open with a quick compliment or attempt at flirtatious banter, then send a phone number or Kik username and ask would-be suitors to send them a text, according to Narang.
“If you message them through SMS, that’s when they’ll actually go through their scripted conversation, talking about how they want to go on an adult webcam site,” he said.
Pindrop Security, which monitors online reports of phone fraud, said in an October blog post that it had seen increased numbers of Tinder-related text spam complaints, which it suggested might be the result of better spam detection by Tinder itself.
Spammers took to Tinder soon after the matchmaking app went mainstream in 2013, setting up automated accounts to message lonely bachelors with ads for porn and webcam strip shows, according to reports from security firm Symantec.
Initially, their approaches were fairly transparent, using profile photos of scantily clad women and simplistic automated chat bots that immediately mixed dirty talk with links to sleazy subscription sites.