Posted in: Author's blog

Phishing fraud: definition, types, protection and impact on the gambling industry

Phishing is, in fact, the simplest kind of cyberattack. Yet it is also one of the most popular and “effective” types of fraud. About what is phishing fraud, what types of cyberattacks exist, as well as the tools of protection in the gambling and not only

The crisis in which humanity finds itself due to the COVID-19 pandemic is fertile ground for fraud in various forms. Cyber security has become more important than ever because the vast majority of companies have moved to remote work. Everything you need to know about phishing scams, their variants and protection from cybercriminals for companies, gambling companies in particular, is described in the material below.

Phishing: definition and working mechanism

The term phishing (or phishing scam) comes from the English word “fishing” and refers to a type of illegal activity aimed at obtaining confidential information. For example, it may be an attempt to obtain a user’s password or credit card number. Attackers, like real fishermen, use various methods to obtain personal information. However, the most common practice is to use email or text messages, with the sender impersonating a specific person or a representative of an organization. The scammers’ aim is to appear to the user as someone the user can trust.

The text that the victim receives is designed to intimidate the recipient and switch off logical thinking. As a rule, it contains links to third-party resources that the user is told to follow in order to avoid the frightening consequences detailed in the message.

By clicking on the link, the user lands on a site that imitates a legitimate resource, for example, the online platform of a bank. The user is then asked to log in, most often by entering the login and password for their own account. With the information obtained, the intruders either try to gain access to the user’s funds themselves or sell the data on the black market.

The danger of phishing attacks is that they do not require the deep technical knowledge that other cyberattacks demand. In this context, it is often noted that the main distinguishing feature of phishing is that it targets the human rather than a technical vulnerability in the operating system of the device. In other words, cybercriminals often take advantage of social engineering.

Phishing: A Historical Essay

At first glance, the origin of the term described above seems obvious: the process of illegally extracting information is indeed very similar to fishing. It is believed that the English spelling “phishing” comes from fusing the words “fishing” and “phony” (deceit). There is, however, another interesting version of the origin of the name.

In the 1970s a specific subculture formed whose adherents used low-tech methods to hack into telephone networks. These attackers came to be called “phreaks”, a combination of the words “phone” and “freak”.

At that time, the number of PCs connected to the network was small, so the main purpose of the attackers was to make long-distance and international calls. It was also believed that this approach could be used for calls to numbers that were not in the phone books.

Phishing: the impact on the gambling industry

Raffaela Zillner, General Secretary of the Austrian Betting and Gambling Association, said at the Prague iGaming Affiliate Conference last year that phishing is not the main problem in the gambling industry. However, cyberattacks still have consequences. That’s why the specialist strongly recommended educating employees of gaming companies and organizing specialized training sessions for them at the earliest opportunity.

The expert also added that every company engaged in the gambling industry should have an IT department, whose specialists should advise other employees on a wide range of issues, including phishing.

From a user perspective, it is also critical that if there are any problems, the company’s clients are not left in the dark.

Phishing algorithms and mobile phones

The mobile phone in our pocket is a treasure trove of opportunities, but combined with access to the Web it is also a dangerous loophole that fraudsters use. As mentioned earlier, because the attack targets the person and not the system, iOS or Android are powerless to protect the user in this case. The user, however, can protect themselves.

Phishing attack on your smartphone: what a betting company’s customer should do

Although, as mentioned above, attackers most often pose as representatives of banks in order to obtain finance-related information, their scope can be much wider, and there are no limits to the industries in which the deception is used. In this context, the clients of betting companies may also be affected.

For example, a fraudster may introduce himself not only as a manager of the betting company, but also as a tax agent. In this case, the person is pressured by playing on the player’s fears: that a transaction will be declared illegal or that the personal account will be blocked. The attacker’s purpose is to induce the user to enter the login and password for the account or to hand over the bank details needed to deposit and withdraw funds.

No matter how banal it sounds, the best protection in this situation is skepticism and vigilance. What should you pay attention to?

  • Impersonal greeting. For example, the user is not addressed by name, but with “Mr. / Mrs.” or “esteemed client”.
  • In the case of phishing via SMS messages, be sure to pay attention to grammatical and spelling errors.
  • The offer that came in is too good to be true.
  • A user who has been working with the betting company for a long time already knows which channel the manager usually uses for contact; if that channel suddenly changes, the user should be wary.
  • Remember the strict rule that all legal market participants follow: they never ask for confidential information in text form.
  • The source number from which the call is made is suspicious.
  • One more sure sign of fraud is that the attackers hurry the user, provoking them to act in a rush.
  • If any suspicions arise, you should contact the company directly and clarify all the questions.

Phishing sites

A phishing site is an online platform that has been partially or completely copied from the original, but is not the original site. The purpose of such online platforms is to steal the login and password that are used to sign in to the original site.

You can recognize such a site by looking carefully at the address bar: the address will necessarily contain an error. As a rule, it is a doubling of some letters from the original site address or a spelling error.

This information is equally relevant to copies of the online platforms of various companies, including those that provide online gambling services to foreign users.
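
The address-bar check described above can be automated on the defender's side. The following is an added example, not part of the original article: it compares a URL's host against an allowlist and flags doubled letters or a single spelling error. The domains in `KNOWN_GOOD` are constructed, and the one-edit threshold is an assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example; use your organisation's real domains.
KNOWN_GOOD = {"examplebank.com", "example-bets.com"}
MAX_EDITS = 1  # assumption: one typo (or one swapped pair) counts as a lookalike

def hostname(url):
    """Lower-cased host of a URL, without port or trailing dot."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return host.rstrip(".").lower()

def collapse_doubles(s):
    """Collapse repeated characters: 'exammplebank' -> 'examplebank'."""
    return "".join(c for i, c in enumerate(s) if i == 0 or s[i - 1] != c)

def edit_distance(a, b):
    """Edit distance where swapping two adjacent characters costs 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(url, known=KNOWN_GOOD):
    """Return (verdict, matched_domain) for the host in `url`."""
    host = hostname(url)
    if not host:
        return ("invalid", None)
    for good in known:
        if host == good or host.endswith("." + good):
            return ("known", good)
    for good in sorted(known):
        # Compare only as many trailing labels as the known domain has.
        tail = ".".join(host.split(".")[-(good.count(".") + 1):])
        if collapse_doubles(tail) == collapse_doubles(good):
            return ("doubled-letter", good)
        if edit_distance(tail, good) <= MAX_EDITS:
            return ("misspelling", good)
    return ("unknown", None)

if __name__ == "__main__":
    for u in ("https://www.examplebank.com/login", "http://exammplebank.com/"):
        print(u, classify(u))
```

Lookalikes built from visually similar Unicode characters are outside what this check covers.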