They could also use an exploit kit, but since most use dating apps on mobile devices, this is somewhat more difficult.
Once the target is compromised, the attacker can attempt to hijack more machines with the endgame of accessing the victim’s professional life and their company’s network.
They arrived just fine and weren’t flagged as malicious.
With a little bit of social engineering, it’s easy enough to dupe the user into clicking on a link.
It can be as vanilla as a classic phishing page for the dating app itself or the network the attacker is sending them to.
And when combined with password reuse, an attacker can gain an initial foothold into a person’s life.
We also employed a few house rules for our research—play hard to get, but be open-minded: The goal was to familiarize ourselves to the quirks of each online dating network.
In fact, there’s even a previous research that triangulated people’s exact positions in real time based on their phone’s dating apps.
This isn’t to say though that this couldn’t happen or isn’t happening—we know that it’s technically (and definitely) possible.
But what’s surprising is the amount of company information that can be gathered from an online dating network profile.
That meant we also had to like profiles of potentially real people.
This led to some interesting scenarios: sitting at home at night with our families while casually liking every single new profile in range (yes, we have very understanding partners).
People are increasingly taking to online dating to find relationships—but can they be used to attack a business?