This Valentine's Day, a dark undercurrent is also making its presence known on dating apps. Cequence Security has released new research which reveals a heightened scamming activity on these platforms, as fraudsters pose as potential romantic partners to exploit and manipulate users for financial gains.

The study, conducted by Cequence's CQ Prime Threat Research Team, utilised anonymised traffic and attack data from 2023 across a range of its customers in the dating and media sector across all geographies. The team was successful in identifying and categorising active threats, and the resulting threat intelligence will serve as an essential part of the Cequence products that aim to protect customer businesses through mitigation and blocking.

The report's key findings shed light on the extent of the problem. According to the analysis, 58% of all detected bot activity in 2023 originated from the U.S., a significant rise from 48% in 2021. Alarmingly, 28% of transactions spoofed an iPhone app. Over the course of 2023, more than 660 million bot requests were detected on popular dating apps, causing more than 12 million unique accounts to be protected from account takeovers.

In comments related to the findings, William Glazier, Director of Threat Research at Cequence, stated "This Valentine's Day, love is in the air, but so are scammers targeting lonely hearts on dating apps and looking for ways to extort money. Thanks to recent advancements in AI, bad actors are now leaning on automation to scale their operations, increasingly exploiting APIs to get the accounts they need to continue their scams."

Victims of the most common types of scams, as reported by FTC, suffered substantial financial losses amounting to $1.3 billion in 2022 alone. Bots are particularly instrumental for scammers, providing them with the means to scale their operations. By efficiently exploiting automation, fraudsters are significantly increasing the likelihood of successful manipulations.

To fight against this problem, Glazier advises, "Dating sites and apps must find the perfect, long-term match to help protect their users from automated attacks. These organisations must adopt a holistic security strategy that protects their APIs at every lifecycle phase. This means treating API security and bot management as interconnected challenges, not separate issues solved by isolated teams. This combined approach involves identifying and registering all APIs, ensuring rigorous adherence to industry standards, and deploying advanced threat detection and mitigation tools to defend against attacks."

The escalating issue of bot-driven fraud on dating apps is a serious concern, and all involved must be vigilant to protect themselves and others from potential harm. In the lead up to Valentine's Day, the warning from Cequence's research is clear: users of dating apps should exercise extreme caution when interacting online and be cognisant of the potential risks that may accompany their search for romance.