Romance Scams generate headlines. They create financial damage and emotional pain in their wake. The Age or Date Verification Scam is widespread. I believe it is the most pervasive Online Dating Scam, with thousands of attempts daily. And some unknown number – possibly hundreds of people caught by it daily.
A Quick Tour of the Date Verification Scam
When searching personals, or on a dating site someone responds to you. They asked you to verify yourself for their safety.
They direct their victim to a date verification website that states clearly that there is no charge for the service
The website has purposefully hidden or hard to find charges that sign up the victim for a rotating set of dating or pornography sites.
The victim is not aware of the charges until the $40 to $170 per month charge appears on their credit card statement.
This article will explain exactly what happens. This is a high-risk situation and signing up exposes the person to identity theft. I give advice at the end of the article to help anyone caught by this scam.
Because this is a complex scam, I have posted a video at the end of the post to illustrate the deception. This should help a you fraud investigator clearly see the scam in action.
The Age and Date Verification Scam
The scenario in this article is a common Craigslist Hookup scam. A person wants to meet you but wants you to visit a free verification site, for their safety. It is important to note that these scams abound on online dating sites and applications. You could have been on Craigslist, Plenty of Fish, Tinder, Baddoo, or KiK, or wherever. The truth is that even the most reputable online dating sites have scammers lurking in them.
Let’s start at the beginning, so you can understand what is going on…
The Scam Post
You see a person that interests you, and you send them an email. In response, your “date” provides you a way to contact them. The most common is for the person to offer an email address to contact them away from the platform you are on. The reason for this is simple – this puts you into the robot (Bot) script of an automated email process.
From this point on, there is no real person on the other end of those emails. It is a simulated conversation, and if you pay close attention, it is always a little off. The bot doesn’t quite answer a question or takes the conversation in a different direction.
The bot expresses interests and creates an artificial banter. After a few emails that include suggestive pictures, your date gives you a link to a website with “her” profile.
What you see on the scam website
The website presents a page that shows fake information about a woman, whom you can meet, but first you must verify. The first technique of the deception is prominent and repeated declarations that this is a free service. The sites often refer to “the unfortunate murder on craigslist”, as a means for justifying this verification process.
This is what you will see in the sign-up area:
After you type in the information, the page changes, and it looks like this:
What you cannot see…
Thru use of a web programming command called iframe, you are entering your credit card information on another website without you knowing it. In the instance used for this demo, the site has a gibberish name – gfndat.com (Go Find Dates). The second page looks like the below. Take note of the difference in the grey areas of the web page:
Here is the important part of the fine print:
Your access to Dates.Hookup includes a 2-day free trial promo to Go Find Dates. If you choose to remain a member of Go Find Dates beyond the trial period, your membership will renew at thirty nine dollars and ninety nine cents.
It doesn’t say it here, but that $39.99 is a per month charge.
The way that the scam site uses the iframe command, you cannot see the fine print, you have no ability to see it – unless you go to the source code, and click on the iframe link. This is something that the average consumer could not know how to do. I don’t want to get too technical, but the proof is in the code. Here is a picture of the iframe command from the website code, with my emphasis:
The “src” shows the website that is controlling the content of the site. The “width” and “height” (number of screen pixels) shows only a part of the target page. The “scrolling=no” prevents you from scrolling to the part of the page that you cannot see.
A Click Generator
This is how you get from the “free verification” scam website to the dating website. In the above example, uetrk.com is some sort of pay per click or per action aggregator – a click generator that sends you thru other sites that select the dating sites where you are really typing your information. The dating sites rotate. The click generator connects to a different dating site each time someone uses the date verification site.
White Label and Branded Dating Sites
Eventually, the path from the click generator lands the billing page of what I am calling a Branded Dating Company (sometimes called private label). That site is (supposedly) targeted towards a specific demographic, such as“FarmersMeetandDate.com”. Alternatively, sites have a theme such as “StrongLoveNeverDies.com”.
The branded site is really a façade for a White Label Dating Service Company. The way it works is that the White Label company provides an aggregated membership database, and operations for the website and billing. Individual entrepreneurs create their own company brand and website theme. The white label company collects the payment from new members as they sign up to the website. They take their service charge off the top, then pass the remainder to the branded site owner.
Each of these Branded Dating companies, will have two sites. The click generator directs you to the billing site sign-up page. This site has a seemingly gibberish name, for example, Stgved.com is the sign-up and billing website for Strong Love Never Dies; frmrsmt.com is FarmersMeetandDate.com. When it appears on your credit card bill, it will use the billing site, followed by a toll-free number.
There’s Lots of them. Lots and lots of them.
My investigation has found more than 500 branded dating sites. Also, the click generator can route you down a pornography path, depending on which click generator is active in the Date Verification scam site. Instead of landing on a branded dating billing and signup page, you land a branded pornography sign up page. There are more than 900 branded pornography sites. The billing site names are innocuous and nondescript like billkrew.com or createpmt.com. The corresponding pornography sites are explicit and mostly X-rated, so I will just leave it to the imagination.
The Branded Dating Billing site (the gibberish name), is a boilerplate web page that targets handling disputes to the charges. It is clear they know people are being charged without their knowledge. They discourage you from disputing the charges with your bank, and they want to handle it themselves. They do this for two reasons: 1) It provides an opportunity to convince you that you are responsible for the charge. 2) Avoid having their merchant account suspended.
What Happens Next
A few things. If you sign up for the site, you will not meet the girl – There is no girl. You will receive multiple emails that encourage you to sign up. Next the bot will send several spammy emails for you to join other hookup sites. Then the scammers sell your email to spam marketers.
Sometimes the scammer will send an email that gives you a credit card number, including a Card Verification Value (CVV) and expiration date. I don’t know what happens if you attempt to use that credit card. What I do know, is that using a credit card that you are not authorized to use would be a felony. A person doing could be exposed to blackmail.
If you did sign up…
You are going to get a monthly charge on your credit card. Anywhere from $40 (dating site mode) to $170 (porn site mode) per month.
Some sites will have instructions to check your email. The email supposedly articulates the charges.
I have yet to hear from someone who states they received such an email. Even if they did, there are a few problems.
- Any email from these sites is likely to end up in the spam folder.
- Even if the email did not end up as spam since the customer wasn’t aware there would be charges, they might not even open the email.
- There is no confirmation of the email in the sign-up. A typo would prevent the email going to the right person.
The Charge on the credit card statement
The average unsuspecting customer opens their credit card statement and sees a $39.99 charge from a strange website. The charge, which could be 30 days old or more is completely unfamiliar to them. They might not be able to go back in their browser to see where it might have originated – the Date Verification site would be recorded but if the customer doesn’t keep more than 30 days of history, its gone leaving the customer befuddled. The gibberish site will not appear in their history at all until they visit it.
Who operates these sites?
Date Verification Scam Sites
These sites operate outside of the US. When I first started investigating this scam, they usually came from Bangladesh and did not register anonymously. More and more, perhaps due to my blog, they register anonymously. Here is a recently active scam site that is not registered anonymously. Ahsraf Tarafdar, from Dhaka, Bangladesh owns this site:
I am sure Ashraf doesn’t expect the FTC to show up in Dhaka. Probably a safe assumption.
Owner information is from whois functions readily available on the Internet. I like to use cqcounter.com. Their whois function combines hosting, geography and registration information in one page.
I have found several different generators. The owners register most of the sites anonymously. Registries are in China, the United States and Panama.
- Uetrk.com – Shifeng Huang, PRC
- Tgtrak.com – Anonymous, USA
- go2cloud.org – Lee Brown, Seattle WA, USA
- joincheckout.com – Anonymous, Panama
- Dateverifytracking – Anonymous, Panama
Branded Dating Sites
Small 1-2 person companies in the UK own most of the Branded Dating sites. They appear to be shells, often with many having the same address in small offices in the UK. There are also companies in Cyprus, Spain, and the Netherlands.
The companies register most of the branded sites anonymously. However, it is possible to go to the billing site and get the company name and address. From that information, it is possible to look up the person in the U.K. Companies House Directory. Companies House is the official filing for companies in the UK.
My all-time favorite is the owner of Go Find Dates
Fluffy Bunnies Limited, Marston Moretaine Bedford, England
Natasha Layal-Singh Director
Really, Natasha from Fluffy Bunnies, I couldn’t make this up if I tried. She is quite a lovely woman. No Natasha, the internet is not anonymous.
With some poking around, it is possible to find the owners of companies in Spain and Cyprus. One such company I found was Kasho Holding limited, Nicosia Cyprus. The owner is Vlad Bulgariu – (a Romanian Surname). One of the other tricks I use is using the DomainBigData website to cross index and find what sites an individual or company owns. Vlad owns at least 8 branded dating sites:
The White Label Dating Site
By looking at the IP address of the dating billing sites I can see 3 different locations. This could be one company with distributed operations or 3 different companies. The other clue is the fact that there are so many sites, that it must be concluded that it is not a small fly-by-night operation – it has to be substantial to handle the traffic and the customer service phone call volume.
The Panama Connection
A lot of the owners register their sites anonymously in Panama. Registrations and hosting services are business expenses. I contacted the International Consortium of Investigative Journalists (The Panama Papers team) to see if they had any information in this area. I never received any type of response. It was a long shot.
The Branded Dating Sites Purposefully Hide Themselves
Typically, if you have a web site that you want people to visit, you take measures to help search engines find you. The subject of Search Engine Optimization is complex, and people make a living off of it – far beyond the scope of this article. The best way is via illustration. If you search “online dating”, Google will return Match.com and OKCupid.com at the top of the organic search results. (There will be some paid and relevant news items first.) They do this by putting program code on their website that helps the search engine understand what it is seeing, and provide the most valuable results to the user.
Contrast that to these branded dating sites. They take specif action to tell search engines not to find them in the robots file (robots.txt) . I don’t want to get too technical, but the proof is in the code. Here is the code from strongloveneverdies.com/robots.txt:
The first line an instruction that this section applies to all search engines. The second line tells a search engine to not index any pages on this site. This is not a default setting in a website. This website owners create this code.
If you search the exact phrase, “Strong Love Never Dies”, you would normally find this site somewhere in the search results. However because the site owners have instructed the search engines not to find them, it does not appear anywhere in the search results.
Similarly, if you owned the site “FarmersMeetandDate.com”, you would want to be found if someone searched “Date a farmer” or “single farmers”.
Obviously, I cannot look at 1400 sites, but I have looked at a few dozen. They are all the same.
The obvious question is why. I will leave you to decide given in the context of this article.
Designed for Deception
The website owners build the web page to be used this way. The pictures in “what you cannot see” (above) show the entire web page. That web page, where you are really typing your information, contains only the basic data entry elements and the hidden text. Contrast that to any website where you are signing up for a service, where you have a full page of content that describes where you are and what you are doing. Said differently, the owner of the Branded Dating site created a page specifically for someone else to use to sign up to their site. It is the key enabler of this deception.
The primary deception techniques are:
- A social validation by using logo’s from mainstream media sources. Umm… no that never happened.
- Multiple statements that you will not be charged.
- An iframe command that completely hides the fact that you are connected to an underlying dating or pornography site.
Other ways to deceive
Here are other common techniques used by these sites to deceive you:
Fake location of the person you are meeting. The sites use a geolocation service that looks at your internet protocol (IP) address and displays the city or area code where you connect to the internet. This makes it appear as if the woman is near you. A person across the country would see the same woman as near them as well.
Disguised small print terms and conditions hyperlink. Most sites you cannot see this link. When you can, it is very small. Sometimes they take overt actions so it doesn’t look like something you can click on. A hyperlink appears in blue text by default, but these sites will override that and make it blend in to the surrounding text.
Spelling out the amount of the charge. Spelling out thirty nine dollars and ninety nine cents, blends in and you don’t notice it. Numbers, like $39.99 are easy to see in a paragraph of text. Again, on most sites, you cannot even see this part of the page.
Disguising Checkbox Selections. These sites sometimes have a checkbox that is pre-checked for you to sign up for their premium service that does not look like a checkbox. That checkbox for the “premium” service is the justification the site uses to sign you up for the trial period offer and charge your credit card.
Whack a Mole
The Branded Dating sites and click generators are fairly static. There is no telling how many of the Date Verification sites there are. They come and go. As one site goes down, another pops up. The hosting company might take down a site if they receive a complaint. The owner will abandon a site when there is insufficient traffic. Eventually, Google flags these sites as dangerous. As a result, “CraigslistFreeHookup.com” becomes “FreeCraigslistHookup.com”. Often they will keep the same site name and title but the actual site and address (URL) will change. “Free Craigslist Hookup Verification” could appear in dozens of scam websites. They have a sort of brand themselves. This is just an easy way for the scammer to create a new site. They copy the code from one site to the next, typos and all.
Each of the sites individually, only have a small amount of traffic. Assembling the web traffic from each of the billing sites that I am aware of, cumulatively they receive about 55,000 clicks per day. This will be two kinds of traffic:
- People directed to sign up
- Victims investigating the strange charge on their credit card statement
I cannot determine how many people are caught in the scam from this data. I can guess based on the number of people who search for these sites and click on my website. The search pattern and number of clicks is confidential, but it is more than 100 per day.
Obfuscation and Plausible Deniability
There is never a direct connection between the Date Verification scam and the Branded Dating site.
Here is an example of how the connections operate. This is a trace from the click generator uetrk.com in the above example
You can see there are a few middle-man type operations here. Eventually the click generator directs the customer to the branded dating site. I this instance, the site is hrtpndgliv.com, the billing site for heartpoundinglove.com.
This arrangement will have multiple benefits. First, it generates traffic from multiple sources. Sources are interchangeable. Most importantly, there is no connection between the Branded Dating site owner and the date verification site. Natasha Layal-Singh from Fluffy Bunnies doesn’t know Asraf Tarafdar in Dhaka.
Thanks to this handy tool, wheregoes.com
“Personal information may include such information as your name, email address, mailing addresses, financial information, birthdates and information collected electronically via cookies.”
“This site may share your personal information including your IP Address, your e-mail address with its affiliates and third parties.”
“All consumers should consider any information provided to or collected by the Site as non-confidential, and consequently the Site assumes no liability or responsibility if any information relating to any consumer is intercepted and/or used by an unintended recipient.”
Remember that all of these companies are outside of the U.S. and do not view themselves as subject to U.S. jurisdiction. They are probably wrong in that assumption. The general rule of international jurisdiction is if you are doing business in a country you are subject to their laws and you cannot use a disclaimer to get out of it. Companies in the U.S. host the branded sites. Regardless, it means that the sites do not follow the precautionary security measures that are required by most states in the U.S. Nor do they follow the required actions if there is a security breach of customer information.
There is no spoon
There is no age or date verification. The woman is a bot with a stolen picture. Usually a TinEye reverse image search produces results of the same picture in multiple places around the internet.
The site that purports itself as a date verification service, is nothing more than a shell of a web page that redirects you to a Branded Dating or Branded Pornography site. The dating websites do not state that they perform a background check. In some cases, if you dig deep enough you find that the sites have specific terms that state that they do not check the backgrounds of their members.
In order to see what the site operators had to say about verification, I very politely asked via the customer service email if there was any background checks on their members. I sent 7 emails to 7 different sites (they are all CS@credit card charge name.com). I did not receive any responses.
If you have been caught in this Scam
First, you are not alone. By analyzing search data of my site I know that there are thousands of people in the same situation. You might be a little embarrassed. OK 1,2,3, you done with that? Good. You you need to act quickly.
Let’s summarize what happened:
- Someone you met online pretended to be interested in you. Most of the conversation was probably a bot.
- The website states that it is a free service (repeatedly).
- There is no verification.
- The Date Verification scam website sent you to a different website without you knowing it.
- The website hides the credit card charge from you.
- Some unknown entity has your credit card and personal information.
A reasonable finding of facts would conclude this is fraud.
This is a high risk situation. I am sure that Vlad the Romanian is a fine upstanding Cypriot, and that Natasha from Fluffy Bunnies is the quite proper British subject, but you do not want them having your personal and financial information.
No Further Contact
Due to this high-risk scenario, I strongly advise that you NOT contact them because this gives them more information about you. In contacting the website operators, you will need to provide them more personal information and proof of the transaction such as a transaction number, which you might not have. Without the transaction number, you will need to provide them some credit card information. Each step in this process provides this unknown, un-trusted entity more information about you. Just calling them gives them a phone number.
My opinion… it is not reasonable to continue to interact with parties who have deliberately deceived you. A reasonable finding of facts would conclude this is fraud.
The entirety of this situation is why I recommend using a Credit Monitoring Service and advise you only work with the bank who issues the credit card, whom you know and trust.
Here is what you need to do now
Call your bank
If you were not aware these charges would occur then report it as fraud and dispute the charges.
Cancel your credit card
This is the only way to assuredly stop the charges from recurring. It is a pain, I know, but it is the only safe thing to do.
Use a Credit Monitoring Service
- Neither you nor I know who the white label company is that has processed your credit card and personal information nor what security measures they might have in place.
- These are foreign companies that do not follow US Laws regarding the disclosure of personal information of and data breaches.
Make sure your Antivirus software is up to date
Some of the scam date verification sites try to put code on your computer. My antivirus software often blocks the scam websites or some component within them. I have to override the settings it to see what is going on. There are so many of these sites that come and go, I do not know what is out there.
Time to act
This is a lot of information and a lot to absorb. You are probably thinking, oh crap. That reaction is justified.
I have put together a page to help you through this process. Click and bookmark this page Credit Card Fraud Dispute Process. That page contains:
- a step by step process.
- Your rights as a cardholder.
- What to say to your bank to get the charges removed from your credit card.
- A link to the fraud or customer service toll-free numbers of the top 18 credit card issuing banks in the U.S.
There is no charge or sign up required, If you can support the site, it is appreciated.