Yesterday, I came across an interesting scam on a dating/contact site. I received a message from someone that contained this text
Hi! I find your photo on this site:
http://tinyurl.com/m9e3xrtThis is your site ? You looking for new people… 🙂
Generally, in my experience, when people on sites like this (it’s GayRomeo in this case) send a message with a link, they are almost always a faker. They’re trying to persuade you to chat with them elsewhere, either to grab customers for another site, or to scam you; anyone who’s spent much time on sites such as these will be familiar with the huge number of messages from people in Ghana, for example, who seem ever so keen to find love in the UK. (Interestingly, a friend who organises academic conferences tells me they get lots of applications from Ghana for those too, so it’s not just dating sites. Nor, of course, is it just Ghana, or people pretending to be from there; other countries host scammers too, and the sender of this message claimed to be in Massachusetts).
So, of course, you want to know what happens when you click the link. Well, when the message was sent to me, it redirected to what appeared to be lfm.freehpsite.com, and it was indeed a photo of me, with a message above saying that I was looking for fun, and a link underneath to ‘View my private photo and video profile.’
Needless to say, I have neither, certainly not on such a shoddy looking page. So, what happens when you click the link? You get directed to a site called GayPartners.com, which I have never heard of before. It appears to be owned by a corporation based in the British Virgin Islands, operated by a subsidiary in Cyprus.
A closer look at the URL suggests that it’s an affiliate link:
http://gaypartners.com/aff.php?dynamicpage=find_gp&a_aid=f0c413c4&a_bid=19e8291e#fform
And a quick search for details of the scheme suggests that the site may actually pay $4, presumably per sign-up, via an affiliate network called CPATrend.
So, I decided to look a little more closely. In fact, the address that the short link redirected to wasn’t just the freehpsite.com URL, unadorned as it looked in the screen grab. Typing the first part into my browser’s address bar revealed the full link I’d been sent to was
http://lfm.freehpsite.com/?p=0677b791db47fecde3c8a31292&r=0.832786826545163
And a look at the source of the page revealed that the image hadn’t been downloaded, it was simply being plundered directly from the GayRomeo server:
<img src="http://s.gayromeo.com/img/usr/0677b791db47fecde3c8a31292.jpg">
So, clearly the first parameter (p) is substituted in the page to give the URL of the image to display; I’m not sure what the second one does, as I couldn’t see anything else in the code that it seemed obviously related to. You can get the URL of one of someone’s images on GayRomeo (and many other sites) simply by right clicking. It’s a moment’s work to take that and create the fake short URL, which will make it look to many people as if their photo is being used by someone else, and they’ll naturally click the link.
Whether just doing that is sufficient to generate an affiliate fee from GayPartners, I don’t know; the victim may have to sign up, which I didn’t try doing, and though there certainly are paid subscription options mentioned in the terms and conditions, I don’t know if you can sign up without giving any payment details.
I must stress that I have no information to suggest that GayPartners themselves are in any way involved in what looks like a systematic attempt to lure users of GayRomeo to sign in to another site. I write this post purely to let people know how it’s done.
If you get sent a short link by anyone on a dating site, my advice is not to click it. And my advice to sites like GayRomeo is to tweak your servers so that members’ images can’t be included in other sites. That’s not foolproof, but it would mean that instead of a simple script, the scammers behind this would have to download each image first, and then host it elsewhere.
