Why Gambling Operators Should Fear Spoofing

Computer code on a screen with a skull

We’ve had declining casino revenue and advertising bans; and now a new threat to gambling has been identified – spoofing.

It’s an unusual word, even a bit silly, but wide-spread spoofing could prove disastrous for the fast-paced online gambling industry.

Fueled by Stolen Identity Data

A new ThreatMetrix Cybercrime Report revealed that identity spoofing, fueled by stolen identity data, is the most common attack when it came to the gaming and gambling industry. It also pinpointed a marked growth in location (IP) spoofing attacks. So what is spoofing?

According to the BBC: ‘Spoofing’ is falsifying the origin of an internet communication in order to mislead the recipient. It is widely used to create bogus emails or web pages in order to steal money, passwords, or banking credentials.”

Fastest-Growing Type of Attack

In the second quarter, location spoofing became the fastest growing attack vector in the space, increasing 257% year-on-year.

According to the Cybercrime report, that’s because of the availability of more sophisticated location spoofing tools, which fraudsters use to disguise their true location to launder money.

From collusive play and self-excluders to malicious account takeovers (ATOs), it seems that operators are finding it hard to differentiate trusted users from fraudsters.

Ellie Burns, the fraud and identity manager at ThreatMetrix, said: “Rising cybercrime levels is no small issue for a sector that enjoys a truly global customer base.

“With more than two billion gamers worldwide, nearly 60 percent of the industry’s traffic is cross-border. Operators must contend with a rapidly evolving regulatory landscape and stringent new anti-money laundering laws, making the verification of the true location of a transacting gamer a vital component in authenticating identity.”

Users Need Access to Overseas Operators

The report gives substantial weight to the number of users trying to access services otherwise restricted in their locations. This cross-border traffic – think China gambling during the World Cup – has driven the growth of IP spoofing attacks with the majority done by mobile phone.

Some alarming stats for you:
1) 60% of the industry’s traffic is cross-border
2) The rise of bets placed online continues to grow by as much as 45% a year

As the number of bets placed via smartphones has risen (71% of transactions are now placed on a mobile device), fraudsters have identified mobile as a key opportunity to monetize stolen credentials; mobile payments are more frequently attacked than any other type of transaction.

Burns says, “To deal with these challenges, gaming and gambling operators must incorporate dynamic digital identity intelligence that pieces together key indicators such as device intelligence, true geo-location, online identity credentials, and threat analysis, to better inform risk decisions.

“The key is to be able to effectively differentiate trusted users from fraudsters and understand changes in trusted user behavior, without adding unnecessary friction.”

In any case, betting on a fraudulent website that looks like the real deal might not seem as far-fetched as you might have thought even a few years ago. With the prevalence of mobile, spoofing isn’t just being seen more often. The industry might actually be courting it. And unhappy customers often mean an unhappy market. It’s a risk the industry needs to take seriously.