Swipe Carefully – DNC Advises Against Oversharing
The Democratic National Committee (DNC) sent an email warning campaign staffers and candidates about oversharing on dating apps and social media. Hackers, scammers, and even skilled advanced persistent threat groups can use the information found in online dating profiles and social media accounts and use it to harvest sensitive campaign information.
The may also use dating sites to establish trust and carry out romance scams.
“We’re received reports that opposition groups may be trying to ‘sting’ or infiltrate Democratic campaigns or organizations through dating sites,” stated an email from the DNC which was first reported by CNN.
The email was sent to DNC staffers.
The alert warns staffers that although dating profiles may seem legitimate, opponents and criminals may be romance scammers looking to mine data about a campaign or the candidate.
How Social Engineering Works
Social engineering is a type of cyber attack in which a hacker gleans information about a target from online sources. The threat actor searches social media profiles, corporate websites, LinkedIn profiles, video conferencing apps, and public records to build profiles about potential targets. They use this information to craft personalized messaging used in spearfishing campaigns.
People looking for relationships on dating app are especially vulnerable.
When a spear phishing email or phishing text message (smishing) contains names familiar to the victim, they are more likely to be fooled by the hacker.
Trust but verify
Staffers were warned to verify who they were matched with. Verify who and where the person that you meet online or on a dating app is . Try a reverse image search on a profile picture. Ask to see their Facebook Instagram or LinkedIn profiles. Don’t accept excuses like they are in the military overseas are unavailable to talk for a variety of reasons. Often romance scammers will avoid meeting in person and offer up a variety of reasons but I cannot do so. despise them time while they establish trust and began to steal information or money from their victim.
Dating profiles and social media posts often contain the answers to common password reset questions. Information such as your hometown, where you went to school, name of your spouse, children’s names, and pets’ names, can all easily be found in social media posts and profiles. Information in dating apps can be used against you or a candidate by unscrupulous opponents.
The backgrounds of photos can also contain valuable clues about what is in an office. For example, a post of an office ID badge lets a criminal know how to create their own access badge for a building.
This valuable information takes no special hacking skills to acquire. It just takes time and determination.
- Passwords – People commonly reuse passwords across multiple accounts. So, if a hacker gets into your Instagram account or dating app, that may also use that same password for your work email or bank account.
- Email addresses and names – Email addresses and names other campaign staffers can be used to craft spearfishing emails. when an email attack contains personal information, the messaging seems more credible and the reader is more likely to be fooled.
- Job titles – Job titles are valuable information because it helps the scammer send an email to the right decision maker. For example, they may send an invoice to someone in accounts payable in an attempt to execute a fraudulent wire transfer
- Campaign Volunteer names – Volunteers’ names are very important because this information can be used to find them on social media. If the scammer is able to befriend or romance volunteers, they may be able to build trust and gain valuable campaign strategy information or access to databases.
People typically move a dating app conversation to another messaging platform like email WhatsApp or we chat to further the connection . this makes it easy for the hacker scammer to learn your email address and or phone number. next the scammer can use your email address or phone number to try and reset passwords to your email social media accounts.
People frequently use the same password across multiple on-line accounts so if the scammer gets into one account there likely to get into more social engineering your way into someone’s email account doesn’t require much skill.
How online dating scams work
Online dating scams are effective because the criminal establishes trust over a long period of time. People looking for relationships are often more willing to trust people they talked to in a dating app or through social media . This leads in vulnerable to overshare information about themselves in hopes of establishing a relationship.
About the Democratic National Committee (DNC)
The Democratic National Committee is the governing body of the United States Democratic Party and is based in Washington, DC.