
Thread: Fraudster stole up to $10,000 each from poker pros, likely due to a legalized betting payment processor breach. I was one of the victims.

  1. #1
    Owner Dan Druff's Avatar
    Reputation
    8476
    Join Date
    Mar 2012
    Posts
    49,104
    Blog Entries
    2
    Load Metric
    24419166

    Fraudster stole up to $10,000 each from poker pros, likely due to a legalized betting payment processor breach. I was one of the victims.

    (Updated 11/16/22 at 12:40am)

    On October 20, an account was quietly created in my name on legalized sportsbook BetMGM West Virginia. I never had an account on any BetMGM site, and in fact I have never set foot in West Virginia in my life.

    The fraudster creating my account had a lot of information about me. He had my full name, my address, and at least the last 4 of my social security number. Using this information, he deposited $10,000, which came right out of my bank account.

    The perpetrator was likely not in West Virginia. He could not place any bets, but that didn't matter. Gambling wasn't his plan. On the same day he created my account and deposited, he hit the cashout button. He did a cashout of $7500, to a Venmo Debit Mastercard, created specifically for this purchase. The debit card was connected to a phony Venmo account, also made in my name. I already had an existing Venmo account, but this wasn't affected. This was a brand new Venmo, also in my name, created just for the purpose of getting the stolen money out.

    Once processed, the fraudster then transferred the money out to another Venmo account in another name, which is how he made off with the money.

    But what happened here? How did the scammer get all of my information, why was I targeted, and how did he know I had $10,000 in that particular bank account to steal? And how did he do all of this so quickly -- all on October 20th? (The last $2500 was withdrawn in similar fashion, on November 4.)

    It turned out I wasn't the only victim. And it turns out that known poker pros are the ones being targeted.

    Read on...

     
    Comments
      
      Crowe Diddly: instant classic thread rep

  2. #2
    Owner Dan Druff's Avatar
    I have been quietly investigating this behind the scenes. Until today, I did not make it public, because I hadn't seen any information on Twitter that this had occurred to other poker pros, and I wasn't sure if it was aimed solely at me, or if it was part of a pattern victimizing multiple people.

    That all changed today when Joseph Cheong, a prominent Vegas poker pro, tweeted the following:

    https://twitter.com/#!/x/status/1592597068484587521


    Since then, various poker pros have come forward that they have been hit by this exact same theft. In addition to myself and Joseph, other victims include Kyna England, Sam Panzsica, David Bach, and several others. It is likely there are a lot more victims who have not come forward yet. I am still collecting names of victims and attempting to get in contact with them. If you were a victim, please DM me on Twitter @ToddWitteles, or text me at (775) 372-8355.




    How Does the Perpetrator Steal the Money?

    This is a deposit/cashout scam, which is a combination of bank account fraud and identity theft. The perpetrator has extensive knowledge of electronic payment systems, and has engineered a way to impersonate poker pros, set up phony accounts in their name, and utilize those accounts to steal money.

    The scammer has access to certain items of personal information of the victim: Full name, address, last 4 digits of the social security number, and date of birth. The scammer might also have access to a history of that bank account being used on other legalized online gambling platforms, so they might know who to target and for how much. More on that later.

    The scammer then sets up a new account on a legalized betting service, usually in a jurisdiction where the player is unlikely to have an account. Since my address is in California, he set up fake accounts for me at three east coast online sports books, starting with BetMGM West Virginia. For some people outside of California, he set up accounts on the cashless casino system at Viejas Casino, which is located near San Diego.

    The fraudster then makes a deposit from the victim's bank account. He does not need the victim's bank account number. A payment service called "VIP Preferred", offered by Global Payments Gaming Solutions, allows the scammer to access previously used bank account information, provided the victim has used eChecks in the past on one of many legalized gambling sites. He uses the bank account which was used previously to deposit to these sites, which was saved and held by the payment processor. The deposit is usually correlated to the limits on the account, which are set by the payment processor. If the person has high limits, the fraudster hits them for $10,000 or thereabouts. If the account has lower limits, he hits it for less. Sometimes a "test" transaction is made, in order to see if the account works at all. The bank account theft is done via an eCheck system, which is available on nearly all legalized gambling platforms.

    On the same day, the fraudster creates a new Venmo account in the victim's name, and establishes a Venmo Debit Mastercard with that account. If the victim already has a Venmo account, that existing account is not affected. This is a brand new account which is created specifically to receive the stolen money. The fraudster then initiates a withdrawal from the gambling account, and enters the debit card's account number to receive the funds. When the funds transfer to the debit card, the fraudster then has it in the fake Venmo account. He then sends the funds to other Venmo accounts (not in the victim's name), in order to get the money off.

    Sometimes multiple gambling accounts are created by the fraudster, for each victim. This is done to circumvent deposit/withdrawal limits. For example, I had two BetMGM accounts and one other sportsbetting account created in my name, in three different east coast states. However, I was able to shut down the latter two before any further damage could be done.




    But how does this work? How does the scammer get all of this done so quickly, and why aren't sites like BetMGM doing more to ensure that the person making these large transactions is legitimate? And how is the scammer getting all of this sensitive personal info?

    Read on...

  3. #3
    Owner Dan Druff's Avatar
    A Treasure Trove of Identity Info

    Online gamblers want to deposit and bet quickly, but how do they do this? How can legalized online gambling sites allow large deposits for new accounts, and be sure that the person creating the account is really who they claim to be? How can they be sure that the new gambler has the funds to cover their large eCheck deposits?

    The gambling sites themselves do not get involved in such matters. Instead, they farm it out to a payment processor, which takes the burden upon themselves to perform such verifications.

    When you want to deposit for the first time to a legalized online gambling account, the processor asks for a LOT of personal information, which they use to quickly look into your background. This includes a possible credit check. They will also sometimes ask you identity-establishing questions, such as requiring you to take a multiple choice "test" regarding past addresses you were associated with, people who have lived with you, places you've worked, etc. Once you pass the identity test, they will use the information they researched about you to determine the highest amount of money you are allowed to deposit via eCheck, and you are good to go. Sometimes this is done by a human being, and sometimes it's done by an automated system. The processor also might quietly enlist the help of third party companies specializing in fraud prevention.

    Once all of this is established for the first time, depositing is a lot more painless. They've already done all of the vetting, so the eCheck deposit goes through quickly and without any further concern. You will see it draw from your bank account a few days later. You're essentially given a certain level of trust, based upon your credit and history.

    While all of this sounds fine on the surface, unfortunately it opens the door for a lot of potential fraud. That appears to be what has happened here.

    Remember, since the stringent verification is only done the first time around, this opens the door for scammers to impersonate you and use the fact that you already passed verification in order to steal from you.

    Read on...

  4. #4
    Owner Dan Druff's Avatar
    Introducing Global Payments Gaming Solutions

    You may not have heard of Global Payments Gaming Solutions before, but if you have deposited to a legalized online gambling site before, you have likely used them without realizing it.

    Global Payments does the processing for most legalized online gambling sites in the US. When you deposit to WSOP.com online, it might feel like WSOP is processing the payment, but they're not. It's being done by Global Payments. Same with BetMGM. Same with many other US online gambling entities. It is made to feel seamless, as if you're depositing with BetMGM or Caesars, but in reality it is Global Payments doing the work. In fact, your bank statement shows the name of the gambling site/app, not Global Payments.

    The fact that Global Payments is used so widely is actually a huge problem. This allows anyone who has successfully deposited large money processed by Global Payments to easily deposit again, without the same level of identity checking as done the first time!

    For example, let's say you have deposited $4,000 in the past to WSOP.com, via eCheck, and it was processed by Global Payments. If you make a new account on BetMGM, which is not related to WSOP.com, Global Payments will again process your deposit there. Rather than having to go through a rigorous check when you deposit on BetMGM, Global Payments will see you already passed that check, and if your personal information (name, social security number, date of birth, address) matches their records, they process the payment quickly without further scrutiny!

    This allows a fraudster with access to such personal information to create new accounts on other legalized gambling systems which utilize Global Payments, and easily steal directly from your bank account you previously used with them!


    This is exactly what happened to me. I last deposited to WSOP.com back in June 2022, while I was in Vegas for the WSOP. Since I am a middle-high stakes player, I deposited a few thousand dollars. I used an eCheck.

    The fraudster created a phony account on BetMGM West Virginia on October 20, using my personal information he obtained (likely from Global Payments somehow), and used it to deposit $10,000 into the fake account. Note that the scammer only needed my name, address, date of birth, and last four digits of my social security number in order to commit this theft! The bank information was already stored at Global Payments, and made fully accessible to the scammer with his fairly basic information! The deposit went through quickly because I had a good history through Global Payments in the past, and they trusted me to be good for the $10k. This also allowed the scammer to make a same-day withdrawal to a different account (the Venmo debit card), without Global Payments finding it was suspicious.

    If you have deposited to any real money, legalized US gambling site in the past, using eChecks, you are vulnerable to this exact same theft. It is more likely you will be victimized if you are a known name in poker.

    This is a huge problem, and Global Payments has a lot to answer here. I do not have proof of their system being at the center of this, but all known breaches have Global Payments as the common denominator, and indeed the bank accounts victimized were the ones Global Payments processed in the past, from what I've seen.

    It appears that the fraudster has been using BetMGM, Borgata New Jersey (related to BetMGM), and Viejas Casino cashless gambling in San Diego, as vehicles to commit this fraud. There may be others. I am still looking into it. It appears that the fraudster is doing this all from the comfort of his own home, without having to travel to these locations.

    But what can you do to see if you're a victim? And how can you avoid this occurring if it hasn't happened yet? And do BetMGM and the others have any culpability here in their failure to prevent their system being used this way? And how is the scammer traversing so many states around the country to do this?

    Read on...

  5. #5
    Owner Dan Druff's Avatar
    Are You Vulnerable?

    Before I go on with more details regarding the scam, I'm sure you're wondering if you might be vulnerable here. After all, you're probably a poker player or gambler yourself, and you might have gambled on a legalized online betting platform over the last several years.

    It appears that this scam is being primarily targeted against known poker pros. If you are not at least a semi-known poker player, the chance of you being a victim is much smaller. It appears that the fraudster was specifically looking for names to target -- ones he assumed had previously utilized deposits processed by Global Payments -- and went from there. I have concluded this because one of the known poker pros was only targeted for $50, and this was after they had only deposited $250 back in 2020. Clearly they were not targeted for a past $250 deposit, so it is likely they were targeted by name, and the $50 was probably some sort of test. I have not yet received any reports from complete unknowns in poker being victims. However, that might change, and I will update you over time.

    Interestingly, it appears I might have been one of the first victims -- or perhaps the first. All victims I've spoken to were hit in November, many in the past week. The $10k stolen from me occurred on October 20th, predating all other known victims by almost two weeks. Unfortunately, this might mean the perpetrator is someone who reads my site or listens to my radio show, and figured I would be a good first target. If you were victimized before October 20th, please let me know, as that might be a clue.

    Every single person victimized, to my knowledge, had the money stolen from the bank account they used for past eCheck deposits on legalized gambling sites. This is very significant. If you never did eCheck deposits (where the money is directly drawn from your bank account) via legalized online gambling sites, there is a high chance you will not be affected by this.

    To my knowledge, there have been no victims who exclusively used credit cards, PayPal, or cash-at-the-cage deposit methods. Again, as I talk to more people, this might change, but this is what I am seeing so far, and it remains consistent with my theory regarding how all of this occurred.




    Prevention of Future Fraud

    Here is what you can do to keep from being a future victim of this scammer, even if you haven't been hit yet.

    1) For now, do not use eChecks or bank accounts to deposit to any online gambling site.

    2) Identify the bank accounts you used in the past to deposit to WSOP.com or other legalized online gambling sites. Close them, and start a new bank account instead, with a new number. You might want to do this, even if not victimized yet, especially if you are a known name in poker. Do NOT link the two accounts in any way, and do NOT attach the closure to the new account. For example, you should NOT tell the bank, "I'm afraid this was compromised, I want to close the account and open a new one", or they might forward future fraud transactions to the new account! Instead, simply open a new account, then transfer the money over, then close the other one. Do not worry about other accounts at banks not previously used for these eChecks, and do not worry about other accounts at the same bank. It is likely only the specific account(s) used for past eChecks are vulnerable!

    3) If you were victimized, go online to the three credit bureaus and put a hold on new accounts being created in your name. This will protect you from the fraudster creating new bank accounts or new credit cards with the information he has. If you were not victimized yet, it's not as important to do this, but you might want to anyway. Here is an article regarding how to accomplish these credit locks.

    4) If you were victimized, contact Venmo, and ask if a phony account was created in your name. If so, have them close it. This account would have been created in October or November of 2022. Venmo's phone number is (855) 812-4430. Do not worry about your existing Venmo account, if you have one, as this was unlikely to have been affected. It is possible some of your stolen money might still be there, as Venmo's bot has auto-locked some of these fraudulent accounts for suspicious activity.

    5) If you were victimized, contact your bank, and ask for the money back. After an investigation which might run as long as 3-4 weeks, you will probably get the money returned. Also call local law enforcement and make a report. Do not bother with the FBI's IC3 site, as it is unlikely they will take action, since they will lump it in with Nigerian type scams they see all the time.

    You probably do not need to bother to change your passwords anywhere. This does not appear to be a breach of any existing online banking accounts you hold at financial institutions. If you will feel better changing your passwords, go right ahead, but I don't see it necessary at this point.




    But how was this scammer signing up so many accounts in so many different states? And why was BetMGM's security so lax to allow this to happen? I'll explain this in the upcoming posts.

    Read on...

  6. #6
    Owner Dan Druff's Avatar
    (This portion updated on November 16, 2022 at 1:00am PST, thanks to user "Dizzy".)

    Bank Account Theft Via Global Pay -- So Easy a Caveman Can Do It

    The fraudster does not need your bank account information to steal from you. He doesn't need your full social security number. He doesn't need to verify anything, or authenticate he's really you.

    If you have already had a past deposit processed by Global Payments -- which is HIGHLY likely if you used an eCheck in the past on legalized online gambling sites -- then it is INCREDIBLY EASY to impersonate you with the most basic of information.

    Global Payments provides a service called "VIP Preferred". This is a deposit option which allows you to draw an eCheck from your bank -- essentially a direct deposit coming from your bank account. The button looks like this, on the app interface:

    [Image: the "VIP Preferred" button in the app interface]


    Once you click on the above button, the system automatically loads the bank account information you previously used on other sites! This means that anyone signing up a new account with your full name, address, last 4 of your social, and date of birth, will get full access to deposit from your bank account, without any further verification!

    This is insane!!

    I tried a test of this just now, using BetMGM New York, where I previously did not have an account. I signed up a new account on their app, using only my name, address, date of birth, and last 4 of my social. I did not verify anything, and I clicked on "VIP Preferred", as shown above. I then got the below screen:

    [Image: the screen shown after clicking "VIP Preferred"]


    It's that easy!!

    (Note that the only reason it's not letting me deposit above is because I'm past my limit -- because the scammer already reached it by stealing my $10k!)

    This was incredibly negligent on the part of Global Payments to make it so easy to impersonate someone and steal, and further negligent on the part of BetMGM and other legalized gambling apps to allow such large transactions on the same day the account was opened, including withdrawals!

    Certain states, like Nevada, require more than this. BetMGM Nevada, for example, requires you to scan your ID and send it in to them (or verify in person at a sportsbook). This is likely why Nevada-based sites/apps have not been used for this fraud. The verification requirements vary from state to state.

  7. #7
    Owner Dan Druff's Avatar
    Global Payments is the Common Denominator

    Global Payments processes eChecks for WSOP.com.

    Global Payments processes eChecks for BetMGM and Borgata.

    Global Payments processes cashless banking for Viejas Casino in California.


    Every single person victimized who I've spoken to has indicated that they made some sort of eCheck deposit processed by one of the above entities in the past (usually WSOP.com, but not always), and all of the fraud so far seems to have been done via BetMGM and Viejas.

    This makes it likely that the person doing it has extensive knowledge of Global Payments, its customer base, which sites utilize them to process, and somehow has access to the full personal information (name, address, date of birth, last 4 of SSN) of the customers who previously used Global Payments.

    This could either be a corrupt Global Payments insider or a hacker.

    The entire matter is highly suspicious. I have not yet found a single case of this fraud where eChecks previously processed through Global Payments weren't involved, and all of the new fraudulent gambling accounts were created on systems with payments processed by Global Payments.

    I'm not a big believer in coincidences. While I do not yet have 100% concrete proof that Global Payments is somehow at the center of this, obviously this is highly, highly suspicious.

    Even if the Global Payments database was not breached or information stolen, at the very least they are incredibly negligent by allowing such easy bank account theft when someone enters basic personal info to impersonate a previous customer.

  8. #8
    Owner Dan Druff's Avatar
    The MGM Data Breach -- Is It Related?

    You may have heard about a breach against MGM Resorts, which occurred from 2017-2019, but made news in mid-2022 because that data was found on the dark web. Almost 25 million records were breached, and it's very possible you got a notification at some point that your e-mail address (or other information) was found on the dark web, as a result of this breach.

    Given that BetMGM was used to steal a lot of these funds, is it a safe assumption that this breach was likely (or at least very possibly) the culprit?

    No. This is a red herring. The MGM Data Breach did not include social security numbers, credit cards, or bank accounts. Instead, it contained customer data of MGM. As it was missing crucial data necessary for this scam (social security number, history on Global Payments), it is unlikely this was related.




    Why Were Deposit Limits So High?

    One question I've gotten from many people was, "How could someone possibly have deposited $10k on the first day they created a new account?"

    The answer is simple: The limits are managed by Global Payments, not BetMGM. If you have already established yourself with other transactions processed by Global Payments on other sites, you will immediately be granted high limits for deposit on the new site, provided you pass identity checks. The scammer, with all of the victims' personal information, was able to easily pass these identity checks, and therefore had immediate high limits for many of these victims, myself included.




    How Did the Scammer Do This in So Many States?

    The scammer did NOT physically travel to the states where this was perpetrated. This was all done online. You do NOT need to be in the state of the gambling site, if you're only depositing and withdrawing. The geographic location is only restricted if you attempt to actually bet, which this scammer did not do.




    Can BetMGM Be Blamed for This?

    Sort of. It does not appear that BetMGM allowed any data to be breached. However, they gave too much leeway to Global Payments to handle deposits and cashouts with eChecks, thus making it easier for this fraud to occur. It is absolutely insane that the fraudster was able to create an account, deposit $10k, and then withdraw $7500 to a different account, all on the same day, without ever even playing! BetMGM should never allow this. In fact, by requiring at least some play before cashing out via eCheck, it would already make it much harder for the scammer, as he would have to physically go to the state of each gambling site he is using to scam. For example, if play were required, he could not have cashed out the $10,000 in my account unless he physically went to West Virginia and bet on something. It is also absurd that Global Payments allowed such a large cashout on the same day of deposit, especially to a different account.

    Both BetMGM and Global Payments were clearly negligent here, and poker players are now paying the price.




    Was This a Hacking of Global Payments?

    It's unclear at this time how the fraudster got the personal information. It is possible this was a result of a hack, and it's also possible that a rogue employee did it. It is also possible that this data came from somewhere other than Global Payments, and their connection is all a coincidence, but I don't think that's likely.

    I will say that the fraudster had extensive knowledge of the way Global Payments and their systems operate, and they also seemed to know which gambling sites were operated by Global Payments. This includes Viejas Casino's cashless system, which you wouldn't immediately guess was associated with Global Payments unless you were familiar with them. This person also seems to have had knowledge of how to exploit Global Payments' security in the manner I described.




    Aside From What Was Already Suggested, What Should I Do If I'm a Victim?

    First off, call your bank and immediately inform them of the fraud. Explain that this was an unauthorized transaction committed by an identity thief, and that it has been happening to other poker players. There is a good chance you will be reimbursed.

    Second, call BetMGM and make sure no fake accounts are in your name. You can get the right BetMGM number by DMing them on Twitter.

    Third, go to local law enforcement. If only a small amount was stolen, you probably shouldn't bother, but if you lost $1000+, definitely go to the police and fill out a report. You are welcome to give them my name, and then you can contact me with their info to speak to them. My text number is (775) 372-8355.

    Fourth, as I mentioned earlier, freeze your credit for the moment.

    Fifth, close your bank account previously used for eChecks, and open a new one, but do these as two separate transactions. Do not do a fraud closure or otherwise the bank will sometimes transfer eChecks over to the new account!

    Sixth, call Venmo and make sure any fake accounts in your name are closed. Also ask if any fake account in your name, which would have been created in October or November 2022, has any money left in it. If so, ask for the process to retrieve it.

    Finally, get a hold of me, either on Twitter @ToddWitteles, or by text (775) 372-8355. I am compiling a list of victims, and getting details from each of them. Every story I get will be helpful regarding filling in the blanks I don't know.




    How Many Victims Are There?

    It is unknown. I know of approximately ten personally, but I am assuming it is much more than that. More and more people keep coming forward to me. All are known or semi-known poker pros.



    Is This Related to Other Fraud Issues Recently?

    Probably not. Anything which did not occur involving fraudulent eChecks via gambling sites in October and November 2022 is likely a separate matter.




    What Are You Doing?

    Aside from my prior deep investigation into this over the past week, and my much more recent collection of victim information, I have also gotten a case started with law enforcement, and I am in contact with some BetMGM managers. Hopefully this and other efforts will allow us to find the fraudster and get him prosecuted.

    It is also important that we keep the pressure on Global Payments for answers, regarding this matter. Someone seems to have dropped the security ball, big time. It is not enough to simply get refunded by the bank. Our sensitive information has been stolen, and now we are vulnerable to future identity theft issues for the rest of our lives.



    I will continue aggressively investigating this situation and will update everyone as I find out more.

    Thank you for reading.

     
    Comments
      
      tigerpiper: You're better than Woodward and Bernstein
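
Added example, not part of the thread and not code from any operator or processor named in it: the controls post #8 says were missing (play required before cashout, no quick cashout to a different account, scrutiny of large deposits on brand-new accounts) written as review rules over an account event stream. Event fields, rule names and thresholds are assumptions; the sample events are constructed, using the dates and amounts given in post #1.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed thresholds; a real operator would tune these to its own risk policy.
NEW_ACCOUNT_WINDOW = timedelta(days=7)   # how long an account counts as "new"
LARGE_DEPOSIT = 1000.0                   # dollars; at or above this gets reviewed
COOLING_OFF = timedelta(hours=72)        # minimum gap between deposit and cashout


@dataclass
class Event:
    ts: datetime
    account: str
    kind: str             # "signup", "id_verified", "deposit", "wager", "withdrawal"
    amount: float = 0.0
    instrument: str = ""  # hypothetical label for the funding or payout instrument


def review(events):
    """Return {account: [rule names]} for every account that trips a rule."""
    findings = defaultdict(list)
    accounts = {}
    for ev in sorted(events, key=lambda e: e.ts):
        st = accounts.setdefault(ev.account, {
            "opened": ev.ts,        # first event seen stands in for signup time
            "id_verified": False,   # document scan or in-person check completed
            "funding": set(),       # instruments that have funded this account
            "last_deposit": None,
            "wagered": 0.0,         # total amount ever bet on this account
        })
        if ev.kind == "signup":
            st["opened"] = ev.ts
        elif ev.kind == "id_verified":
            st["id_verified"] = True
        elif ev.kind == "deposit":
            is_new = ev.ts - st["opened"] < NEW_ACCOUNT_WINDOW
            # A stored bank account reused on a fresh, undocumented account
            # should not inherit high limits without a step-up check.
            if is_new and not st["id_verified"] and ev.amount >= LARGE_DEPOSIT:
                findings[ev.account].append("large-deposit-unverified-new-account")
            st["funding"].add(ev.instrument)
            st["last_deposit"] = ev.ts
        elif ev.kind == "wager":
            st["wagered"] += ev.amount
        elif ev.kind == "withdrawal":
            # Funds that were never played are a pass-through, not winnings.
            if st["wagered"] == 0:
                findings[ev.account].append("cashout-without-play")
            # Payout goes somewhere other than where the money came from.
            if ev.instrument not in st["funding"]:
                findings[ev.account].append("cashout-to-new-instrument")
            if st["last_deposit"] and ev.ts - st["last_deposit"] < COOLING_OFF:
                findings[ev.account].append("cashout-inside-cooling-off")
    return dict(findings)


# Constructed sample events. acct-A follows the sequence described in post #1;
# times of day and instrument labels are made up. acct-B is an ordinary player.
SAMPLE = [
    Event(datetime(2022, 10, 20, 10, 0), "acct-A", "signup"),
    Event(datetime(2022, 10, 20, 10, 5), "acct-A", "deposit", 10000, "bank:on-file"),
    Event(datetime(2022, 10, 20, 15, 0), "acct-A", "withdrawal", 7500, "debit-card:new"),
    Event(datetime(2022, 11, 4, 9, 0), "acct-A", "withdrawal", 2500, "debit-card:new"),
    Event(datetime(2022, 9, 1, 12, 0), "acct-B", "signup"),
    Event(datetime(2022, 9, 1, 12, 30), "acct-B", "id_verified"),
    Event(datetime(2022, 9, 2, 18, 0), "acct-B", "deposit", 500, "bank:b"),
    Event(datetime(2022, 9, 3, 20, 0), "acct-B", "wager", 200),
    Event(datetime(2022, 9, 10, 11, 0), "acct-B", "withdrawal", 300, "bank:b"),
]

if __name__ == "__main__":
    for account, rules in review(SAMPLE).items():
        print(account, rules)
```

Any one of these rules placing the withdrawal on hold would have stopped the first $7,500 from leaving the same day; none of them fires for the verified account that wagers and cashes out to its own bank.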

  9. #9
    Master of Props Daly's Avatar
    Reputation
    2408
    Join Date
    Mar 2013
    Posts
    9,459
    Load Metric
    24419166
    I'll say this…. Of all the poker pros in the world he could have targeted….. he picked the wrong one.

     
    Comments
      
      Sheesfaced: lol!
      
      Entropy: Note to Venmo: Be thankful if you can settle for 50k w Druff. The other institutions better look the fuck out.

  10. #10
    Plutonium Sanlmar's Avatar
    Reputation
    3616
    Join Date
    Mar 2013
    Posts
    18,294
    Load Metric
    24419166
    You fucked with the wrong Marine

     
    Comments
      
      Sheesfaced:

  11. #11
    Diamond BCR's Avatar
    Reputation
    1848
    Join Date
    Mar 2012
    Posts
    6,300
    Load Metric
    24419166
    Who was the scammer from WV way back in the old days? I want to say Stevebets?

    Edit-stevebets was another dude. I just remember a prolific poker scammer from way back who, I think, occasionally would pop up on NWP
    Last edited by BCR; 11-15-2022 at 05:41 PM.

  12. #12
    Diamond Sloppy Joe's Avatar
    Reputation
    905
    Join Date
    Mar 2012
    Posts
    5,366
    Load Metric
    24419166


    (Sorry for the hassle, hope it's resolved soon)
    PokerFraudAlert...will never censor your claims, even if they're against one of our sponsors. In addition to providing you an open forum to report fraud within the poker community, we will also analyze your claims with a clear head and unbiased point of view. And, of course, the accused will always have the floor to defend themselves.-Dan Druff

  13. #13
    Platinum
    Reputation
    345
    Join Date
    Mar 2012
    Posts
    3,966
    Load Metric
    24419166
    It's ALWAYS an inside job.

  14. #14
    Silver
    Reputation
    306
    Join Date
    Apr 2014
    Posts
    813
    Load Metric
    24419166
    Just want to say; agree the scammer fucked with the wrong guy, sorry you have to deal with this Druff; but the poker community at large is lucky you were a victim as no doubt you’ll figure this shit out before anyone else and they’ll benefit because of it.

    Above all truly sorry though this stuff is not cool and sadly seems to be becoming more and more common.

  15. #15
    Platinum FRANKRIZZO's Avatar
    Reputation
    362
    Join Date
    Sep 2014
    Posts
    2,695
    Load Metric
    24419166
    Skim read, were you affected by this scam, Druff? How much did scammer get you for?

  16. #16
    Diamond TheXFactor's Avatar
    Reputation
    1161
    Join Date
    Jun 2012
    Posts
    6,599
    Load Metric
    24419166
    Quote, originally posted by FRANKRIZZO:
    "Skim read, were you affected by this scam, Druff? How much did scammer get you for?"
    Pretty sure Druff got back his money or it's going through the investigation process.

    If someone uses your banking information and does transactions that extract money from your bank account, you usually get your money back.

    Unless it's PayPal, Venmo or Zelle. They don't want to refund your money even if you get scammed. Beware.



  17. #17
    Gold JeffDime's Avatar
    Reputation
    1230
    Join Date
    Apr 2020
    Location
    Brick City, USA
    Posts
    2,200
    Load Metric
    24419166
    I believe Global Payments knows just about all of your bank account information once you initiate one transaction. They also determine what amount check a casino will cash for you. I always figured they basically knew roughly your banking balance. It's possible there is some kind of algorithm they use over time, but regardless they have a pretty damn good idea. They get the substantial fee if you utilize a POS transaction if you have already used the ATM for the daily max. I am a little surprised BetMGM would allow ACH up to 10K on a new account.

  18. #18
    Cubic Zirconia
    Reputation
    13
    Join Date
    Nov 2022
    Posts
    12
    Load Metric
    24419166
    Really well written as always.

    You mentioned that the scammer had your bank account details to make the deposit.

    I think there's a good chance he did not have your bank details, or at least did not need them.

    Whenever I register for a new site, my bank account is already there under the ACH deposit method (stored via Global).
    Most sites also show you your exact deposit limit.

    You can test this out yourself by signing up for any NJ/PA online casino that you have never used before.

    So really all the attacker would need is your Name/Address/Last 4 of your social. That's all you need to get verified at these sites.
    NJ has recently started requiring phone number verification, but someone could use any number.

    I agree that there's a good chance a gaming site was breached for that info... But really that info could come from a lot of places. Name, address and last 4 of social really isn't much.

    Can BetMGM Be Blamed for This?

    Sort of. It does not appear that BetMGM allowed any data to be breached. However, they gave too much leeway to Global Payments to handle deposits and cashouts with eChecks
    MGM was massively negligent approving that withdrawal. You wrote that Global handles the deposits and withdrawals.
    It is true that Global Payments handles the money processing and the limits, but MGM would have had to manually approve the withdrawal on their end.

    Some withdrawals for established accounts may be automatically through BetMGM's security system, but a new account with no play like that would be reviewed by a human 100% of the time.

    It's likely the attacker talked to them as you, and possibly provided fake documents to get them to approve the withdrawal.

    You should ask MGM for any chat logs of interactions "you" had with them before the withdrawal was approved. If you could get MGM to let you know what documents they were provided (if any), it would help paint a much more clear picture of what went down, and exactly how much information the scammers have on you.

     
    Comments
      
      Dan Druff: great info
    Last edited by Dizzy; 11-15-2022 at 11:26 PM. Reason: clarified last paragraph

  19. #19
    Owner Dan Druff's Avatar
    Reputation
    8476
    Join Date
    Mar 2012
    Posts
    49,104
    Blog Entries
    2
    Load Metric
    24419166
    Thank you, Dizzy, for registering and posting this clarification.

    Are you saying that someone with only your name, address, DOB, and last 4 of your social can automatically access your "stored" payment method with Global Payments, even if you did not elect to store it?

    If so, that's a HUGE security flaw.

    BetMGM support is very poor, and is mostly outsourced offshore. It was very tough dealing with them. However, after this blew up today, I was put in contact with two executives there, so hopefully I can get some answers.

    I agree they were extremely negligent in allowing this cashout (to a different account, no less) on the exact same day of account creation and deposit (and with no play!)

  20. #20
    Plutonium Sanlmar's Avatar
    Reputation
    3616
    Join Date
    Mar 2013
    Posts
    18,294
    Load Metric
    24419166
    I had no idea Dizzy.

    I have fairly recent memories of taking a selfie holding my license before a cash out was made for unregulated offshore.

    Shame on MGM and the useless gaming regulations.
