WHAT SECURITY RISK ARE YOU BETTING ON?
Menlo Security Senior Director Mark Guntrip sits down with Gaming America to discuss how large-scale sporting events are exploited by cybercriminals.
As the World Cup captivated audiences across the globe, an estimated $35bn was wagered on the games, according to Barclays. It seemed like operators were poised to make a fortune as many users around the world were signing up for multiple online gambling sites, but many consumers failed to account for the cybersecurity risks that can come with using these platforms. When placing bets on each match, you could potentially be gambling away your personal data to bad actors. The biggest fear that many security experts had about this betting en masse was hackers using phishing emails or smishing text scams to lure participants into visiting fake or fraudulent websites, and disclosing passwords and personal details, including payment details. Other concerns were account cloning and identity theft. Even experienced gamblers were at risk during the World Cup as increased traffic to popular betting sites made them more enticing to cybercriminals. This article will take a deep dive into some of the scams we witnessed over the course of the 2022 World Cup – and the best ways consumers can equip themselves to thwart these types of attacks.
A DEEP DIVE INTO THE DRAFTKINGS ATTACK
While soccer is not as popular in the US as in most other countries across the globe, that did not stop US-based gamblers from using the popular sports betting website, DraftKings, to wager on each game. Unfortunately, the site was popular among hackers too. The threat made against DraftKings users was a credential stuffing attack, used to harvest the credentials of users and then take over accounts. The attack resulted in users being locked out of their accounts, having their money drained, and cybercriminals making around $300,000. The common thread between all accounts that had been hacked was the $5 initial fee players paid before starting to bet on the games.
This attack was a classic case of a lack of awareness among consumers and poor cybersecurity hygiene, as many users failed to implement two-factor authentication (2FA) even though it was offered through the site. Hackers often rely on consumer apathy toward basic security measures, counting on the everyday person to skip setting up protections like 2FA or to reuse passwords across multiple platforms. Many consumers are unaware of exactly how they are exposing themselves to potential cyberattacks and what measures they should be taking to prevent hackers from getting hold of their personal information.
MARK GUNTRIP
THWARTING THREATS AND TAKING PREVENTATIVE MEASURES
While cybersecurity professionals cannot save everyone who might be a victim of a malicious gambling site scam or compromised account, there are several ways for consumers to better their cybersecurity hygiene before participating in online activities. A recent survey conducted by Menlo Security found that most consumers fail to implement basic best practices when it comes to protecting their devices, despite nearly a third (31%) reporting receiving spam emails multiple times per day. This statistic is alarming to cybersecurity experts, especially when looking through the lens of sports betting during events like the World Cup, as spam emails or texts are most certainly guaranteed to rise. Seasoned gamblers should be taking the following steps to ensure they are protected in the future:
Enable 2FA on all accounts. As we saw from the DraftKings compromise, users who did not enable 2FA (two-factor authentication) saw their accounts hacked and balances drained.
Use strong and unique passwords across your accounts, especially if you are using multiple sites to bet on games. This gives you a better chance to avoid a breach if bad actors are attempting to use the same or similar passwords with your other login credentials across accounts.
Don’t respond to, click on links or open/download attachments from any number or email you don’t know. Many scammers will use an opportunity like the World Cup to send fraudulent links to those who have used gambling sites in the past, to try and get them to sign up and enter personal banking information. Make sure every link you are sent is legitimate.
Sporting events like the World Cup are a hunting ground for cybercriminals. With millions of people tuning in and many trying their hand at online gambling for the first time, it creates the perfect opportunity for bad actors to scam innocent people looking to make some extra money on a match. As hackers get more intelligent and creative with their methods of attack, those who choose to participate in online gambling must be extra vigilant when it comes to protecting their personal data. Help bettors by educating them.