Online casinos and daily fantasy sports have been some of the juiciest targets for hackers over the years; even as technology improves, online gambling security risks in 2016 are expected to rise.
There are three main reasons black hat hackers like to target online casinos and daily fantasy sports websites (apart from that hackers, by definition, like to hack, that is):
- The first is that these websites store tons of personal data ranging from birthdays to names to bank account details.
- The second is that “casinos are where the money’s at,” and some malicious hackers have made small fortunes extorting legitimate online gambling businesses.
- The third is that hackers enjoy making statements as much as they enjoy hacking, and, disrupting an industry that some of them may perceive as “evil” can be a good reason as any for many black hat hackers to exploit online gambling security risks.
If you’ve never heard the term, “black hat,” by the way, these are the hackers who use their skills with malicious intent, as opposed to “white hat” hackers who usually help (or directly work for) online security companies by testing their internet defenses.
Here we identify some of the most common security risks faced by online gambling websites and persons:
An old and proven method of identity and money theft, social engineering is not actually a hack in the technological sense of the word.
Sometimes the perpetrator would masquerade as a Support agent, or somebody pretending to be romantically interested in the user. They would then gain their victim’s confidence, and, under one guise or another, ask the victim to provide them with their usernames and passwords,
Remember: a Customer Service representative would never ask you for your password. Neither would anyone else, unless they’ve some hidden agenda that probably doesn’t have your best interests at heart.
The term “phishing” stands for attempting to “phish” your username, password, or credit card details by imitating a trustworthy website.
There doesn’t need to be any actual social interaction for the evil-doers to phish out your details: this method involves creating username / password pages that are carbon copies of the login pages of legitimate websites, with the hope that the victims would not notice the slight differences between the web addresses of the sites.
Make sure to always double check the URLs of the websites that ask you for personal data.
According to the technology security firm Akami, online gambling sites saw 50 percent of all distributed denial of service attacks in the third quarter of 2015, IGP reported.
Distributed denial of service (DDoS) are just one of many online gambling security risks: in a DDoS attack, botnets (a network of private computers infected with malicious software, usually controlled as a group without the owners’ knowledge) overload target websites with traffic, overloading the servers, and, consequently, bringing the targeted websites offline.
Such attacks can last for hours, days, or even weeks, and are often accompanied with ransom notes that demand the website proprietors to pay certain amounts of money, usually in untraceable Bitcoin e-currency, for the attack to stop.
Total DDoS attacks were up 180 percent over 2014 during the third quarter, with online gambling the main target, Akami’s report stated.
One of the most common forms of attacks, an SQL ( Structured Query Language) injection is basically the insertion of SQL commands into a website’s input field (eg., login forms) to access the database directly.
While most online gambling websites are well-protected against such attacks, this is nevertheless one of the first type of attack that a hacker might try to break into a database, and, if the website is poorly coded, they’ll have some chance for success.
What can you do?
“Online casinos need to be worried because that is where the money is, so they will be targets for certain types of hacks and threats,” said Bill Hughes Jr, a partner at law firm Cooper Levenson and an expert in cyber liability and cyber risk management.
“Much of hacking has had its origin in bragging rights and being able to penetrate the impenetrable system. It was only recently that you could make a boatload of money from this,” he added.
Online casinos are not the only businesses threatened by online gambling security risks, either. Daily Fantasy Sports have come under fire as well.
“One of the very rich targets we can imagine being attacked in 2016 are the fantasy sports companies,” said Stephen Newman, CTO of Damballa, a leading cyber-security firm.
Betfair, PokerStars, Svenska Spel, and even our affiliate, one of the best online gambling websites in the world, Unibet, were only some of the online gambling sites that have been targeted in the past 12 months.
But what can you do as individual to protect yourself?
We strongly advise you against storing your personal bank account details on any of the online gambling websites, and to instead use 3rd party e-wallets such as PayPal for money transfers.
This way, if an online casino takes a hit, the hackers would be unable to steal your bank account details, which is always a plus. Take risks, but don’t take unnecessary risks … and never, ever, give anybody your password.