Yeah, about that.
explains Satnam Narang, senior security response manager at Symantec
Did Symantec roll out the patches for the month-old "open door policy via antivirus" fucking-extreme-out-there-buggeration yet?
Crooks on Tinder are using online safety as a lure to trick users into unwittingly paying for adult content. Automated spam bots masquerading as Tinder users are supposedly tricking other users of the mobile dating app into visiting a malicious third-party website to “verify their profiles”. “The spam bots instruct the user …
When it comes to online payment never rely on links from 3rd party sources. This is what I've been teaching the people around me:
"If you're shopping with Webshop A, then payment will only be done while you're still visiting Webshop A (and you'll be warned about redirects). If Webshop A suddenly sends you an e-mail with that really cool thing you want to buy then don't use those links. Instead: go to the website, find the stuff you want and then purchase it. It can be a drag (but think about all those other cool things you may find!) but it helps you to keep safe."
"If you're shopping with Webshop A, then payment will only be done while you're still visiting Webshop A (and you'll be warned about redirects)."
PayPal excluded, I assume...
And all the other payment gateways. It's less common than it was, but there are still sites which rely on a hosted payment page to minimise PCI exposure.
Hell, one of my previous employers still used the "checkout" domain of their hosted ERP provider for any secure parts (checkout, payment, account management). I suspect this was to avoid paying for any decent certificates etc. but I always thought it looked rather unprofessional, and potentially scammy to the outside world.
"I suspect this was to avoid paying for any decent certificates etc."
More likely to avoid having to meet the (fairly detailed) requirements for handling payment card details. For a small company that doesn't do much business over the web, these requirements are more cost than they are worth. The downside of out-sourcing that facility to a third party is (as you've observed) the unprofessional look.
In contrast, someone like Amazon that keeps (across independent transactions) not only your card details but the verification code, to make 1-click purchasing possible, probably has to prove that its IT security is better than the average bank.
"More likely to avoid having to meet the (fairly detailed) requirements for handling payment card details."
I wasn't clear. The website was hosted by the ERP provider as part of the system. There would have been no additional PCI requirements. All that would have been needed is a CNAME record and a decent SSL certificate.
Not sure if PayPal supports it, but I've seen payment processors that will host a payment page for any website on their servers. It appears as a subdomain of the webshop, but is on secure PCI-compliant machines. All it takes is for a simple record to be added to the webshop's DNS and for the payment processor to cut a certificate for that subdomain (In my case, the payment processor was recognized as a trusted root CA by the big-name browsers, so it was free for them).
PayPal is a whole different world of pain
Used them for about 10 years to buy eBay stuff.
Then suddenly they decided they think they need a copy of my passport... so my bank and my passport stored together on a server with heaven only knows what backdoors, security holes etc... no bloody chance.
So now I can no longer use PayPal for anything.
Oh well, so now I can't use eBay either
oh well
so now both eBay and PayPal have lost a customer.
big deal for them I guess... but if others were only to follow suit it would be worth setting up something to replace them.
"Teiwaz seems to have understood that."
(unaccountably chuffed) Yup! Thought that was obvious (hedgeporn, sandporn). I didn't understand Rule34 though, perhaps it's a mistaken reference and the first google on the topic 'anything that exists, will have porn on it' - what, including coffee tables* and dead rabbits?
* well in my case maybe, if it wasn't for the requirement to appear not a complete deviant ecchi hentai and possible danger to society.
There aren't any real women on the Internet yet. Those are all men dressed as ladies. Real women are not scheduled to visit the Internet until July 2024. At that time I HIGHLY suggest that we be on our best behaviour. And put on some fucking PANTS! Jeez, guys, come ON! We can do this!
"If the user does not cancel their free trials within the specified period of time, their credit card will be billed by three different adult websites for a total of US $118.76. Those directly running the ruse make money from affiliate fees from the promoted adult sites."
How many people got caught by this? How many actually admitted to using Tinder? Must be a lot to get a large enough sample to back trace the steps.
"...pictures of women dressed in lingerie ...designed to distract prospective marks from what’s really going on."
Obviously based on the comment that males have a limited blood supply and are unable to run both their brains and their willies simultaneously.
Penguins have enough of the vital fluid to go around
Most of them refer you to a website to talk to rather than Tinder.
Several of them try to get you off Tinder and on to Skype
The most worrying one asked to meet up, right then, to a particular location nearby. It may have been a real person at the end of the line, but their picture was of a Russian model, so definitely fake. Not sure if that was either a prospective real life mugging/scam, or more probably asking you to send a 'deposit' of twenty quid so that you will 'definitely turn up'.
It's pretty much essential, if it's not obvious that the user is a scammer, to use something such as Flamite so their pictures can be checked against known scammers or model pics.
It's such an awful dating website, the algorithm has been broken recently for matching, and the app is poorly written. Unfortunately it's where the critical mass is, so it may still be worth using sometimes.