Scammers prey on the unwary and commit eye-watering levels of fraud against both individuals and gaming companies. And the gaming companies themselves suck in enormous quantities of personal data that sits on their servers making it vulnerable in a data breach. It’s good to understand just how much they know about you.
And gambling is an area where scammers prey on victims only too willing to listen out for an ‘exclusive’ tip or something that makes them believe they can come out on top.
Fooled or foolproof?
Have you ever been offered a ‘foolproof’ bet, maybe for a subscription fee? Perhaps you’ve been told you’re going to get ‘inside information’ sent to you in return for a fee. Or, in another scam, you’re invited to use your own money to place bets on behalf of an ‘expert’ who claims they can beat the bookies. All you have to do is send them their winnings whilst also placing your own bets. The stake you place on behalf of the expert acts as your fee.
If you’re thinking straight, you may well ask, “Why would someone with inside information want to pass it on to others when they could make bigger profits by keeping it to themselves”? Well, the scammer will say something like they are too well known in betting shops for always beating the bookies and for having illegal inside information, so the only way they can exploit their info is to use you to do it for them. Except that it’s a con and they’re fleecing you.
Gambling scams don’t just happen through betting shops. Of course, it’s all over the internet too. Scammers are attracted to gambling sites not just to find individuals they can steal from, but also so that they can defraud gambling companies too. There are an ever-growing range of online gambling games and opportunities. Scams take many forms, and some even go as far as being vehicles for money laundering from other crimes.
Most commonly, online gaming scams are used to steal personal data. It can happen in a number of ways.
Scammers may use ‘phishing’ techniques by sending you a link that you’re persuaded to click on to download a gaming file. But in the process, malicious software is installed onto your device which records your keystrokes. By doing that, the scammer can learn login information, including access to your online banking service.
Scammers sometimes buy login information on the dark web. That can lead to ‘account takeover’, which is where fraudsters get access to your genuine online gaming account to send other innocent players ‘free’ stuff when they give up their username and password. Alternatively, players could be offered free trials or other ‘freebies’ if they click on a link. But the link will turn out to be malicious.
What should you do?
- Never click on links in unsolicited emails, even if it refers to an online game you recognise
- Don’t believe the content of unsolicited emails. If you’re suspicious at all, use your own contact details to get in touch with the company directly
- Watch out for spam messages in your inbox
- Only download online games or extension packs from official websites that you have navigated to yourself, not from a link you clicked
- Check the name of the developer on legitimate websites or platforms to make sure that the software is genuine
- Create strong complicated passwords and change them regularly and consider using a password manager
- Never share any personal information with anyone you play against online that you don’t already know
- And remember that if a gambling offer sounds too good to be true, it probably is.
Gambling businesses have to put in place sophisticated tools to try and prevent and detect fraud.
Here are some of the things criminals do when they attack gambling companies and that upsets the playing field for ordinary participants.
- Multi-accounting fraud. Scammers create dozens or even hundreds of accounts using fake credentials bought on the dark web in order to tilt the balance of a bet
- Bonus abuse. Many gambling firms offer sign up bonuses, free bets or other offers. Multiple fake accounts set out to drain the resources of the gambling company
- Gnoming. Often in poker, this is where multiple accounts are used to help one player win
- Chip dumping. Similar to gnoming, only this is about joining a poker table simply to influence the results, either in favour of one player, or against them
- Carding. Straightforward bank card fraud, where stolen details are used to place bets and pocket winnings
- Chargebacks. When cards get reported stolen or fraudulent activity is noticed, a chargeback can be initiated, leaving the gambling firm with the loss
- Top-up abuse. Scammers trick people into making phone payments that go into gambling accounts operated by the criminal.
To fight back against this, gambling companies put in place various systems, many centred around ‘KYC’, or ‘Know Your Client’ checks. To do that, gambling companies gather personal data for ID verification, which we’ll look at shortly because there’s an awful lot of personal data sitting in their servers.
Online casinos are big business. Some are legitimate, but it’s also an area where scammers set up fake casinos and set about stealing money.
One of the most common scams in these rogue casinos is deposit theft. In order to open an account, the user is asked to make a deposit, perhaps £20. But then the account closes, or disappears, or there appears to be no way to get the money out again. Some of the worst ones actually let you do a few transactions, in and out, so that trust is built. Then they put up a ‘reload’ button for a much bigger deposit, hundreds of pounds or even more. Once you’ve paid it, a wall comes up. You can’t contact anyone; they effectively disappear along with your money.
The next most common scam by rogue casinos is in rigged games. They might let you win for a little while, but after a short time they get you chasing money down a rabbit hole and empty your pockets as you go.
There have been other examples where a gambler has been persuaded to download an app onto their phone or other device, only to find that it contained malicious software. Ransomware might lock their phone, or computer, with a message telling them to send Bitcoin or all their files will be destroyed, or their personal data shared on the dark web.
In some examples, you play the game and win. Fantastic, you think. The release of endorphins that leads to gambling addiction kicks in. But then the rogue site simply refuses to pay out – they go dark or just won’t respond to calls or emails.
Shockingly, refusing to pay out happens even with some legitimate online casinos too. They may rely on a clause buried on page 37 of the terms and conditions that you never read, giving them the right not to pay. It’s always worth checking what legal jurisdiction the gambling firm is based in before you start handing over any money.
All the big gambling companies collect a large quantity of personal data on all its customers. That makes them obvious targets for hackers. If hackers access the servers of a gambling company, they could potentially gather your personal data, putting you at higher risk of being scammed and other criminal activity.
The big companies all gather a lot of data. The depth of profile of an individual user held by a gambling company perhaps goes further than many people might realise.
Does it matter?
Does it matter that they have so much data on you? Well, it might. If the gambling firm that has the wealth of data on you gets hacked and the database is breached and your data gets stolen, that is gold to the scammers of this world. People who hack company databases are constantly trying to break through the defences of firms, day and night. Hackers get the data and sell it in great swathes over the dark web, where scammers can pick up a full profile for relatively little money. A full and detailed profile of you like that could lead to a serious case of identity theft, financial loss and emotional collapse.
Scambusters Mail bag – Reader questions
Question: I used to be an avid gambler and had accounts with a few sites. I’ve managed to curb my habit. Can I get my data deleted from gambling sites?
Yes, you can. Remember, you have the legal right to delete all of your personal information that any company holds about you. This is due to your “right to be forgotten” under GDPR law.
If gambling apps and websites don’t have your data, they can’t share it and they can’t lose it. Of course, it’s not just gambling firms that have your data, so you might like to think about where else you’d like it to get deleted.
The easiest way to get your data completely erased from companies that no longer need it is to use the Rightly Protect service that can identify who has your data and send a deletion request, to multiple companies in one go and for free. The companies must respond within 30 days and execute your legal right to have your data completely erased.
Remember: If you have received a text you think is a scam then you can forward to 7726 or take a screenshot and send it to email@example.com. If you are receiving lots of unwanted phone calls or text messages you can also consider removing your details from data brokers, ensuring that you use a right to object to processing of your data. You can learn more about this on Rightly to stop the sharing of your data exposing you to scams. And you can take a free training course on how to fight against scams on www.friendsagainstscams.org.uk. The more we talk about scams the more we take away the shame.