
Thread: Thieves who hit poker pros' bank accounts are now targeting DraftKings and New Jersey sites in a new theft/hacking scheme

  1. #1
    Owner Dan Druff's Avatar

    Thieves who hit poker pros' bank accounts are now targeting DraftKings and New Jersey sites in a new theft/hacking scheme

    Please read this thread carefully if you have an account on DraftKings or any legalized gambling site in New Jersey. In fact, you should read this if you have an account on any legalized gambling site anywhere.

    As you probably know, from early October through mid-November, many poker pros were targeted for up to $10,000 in an impersonation/bank account theft scheme. In this scheme, new accounts were created on BetMGM and other sites using personal information of the victims (usually known poker pros). When that info matched what was previously on file for a payment processor (Global Payments), the fraudsters were able to directly steal money out of the bank accounts of the victims, as these bank accounts were already pre-loaded, having previously been used on other sites. You can read all about the scheme in the link I provided above.

    Now there is a new scheme, which I believe is being perpetrated by the same fraudsters, targeting mainly Draftkings and New Jersey gambling sites!

    Unlike the other scheme described, this one does NOT involve impersonation or new accounts, but simply involves breaching accounts and stealing money from there.

    The accounts are being breached via what's known as a "credential stuffing attack". This is very simple. The fraudsters buy a huge list of name/e-mail address/password combos on the dark web, which were obtained by past breaches of other sites (perhaps not even gambling sites). They then set up a program to automatically attempt to log in to other sites using that info. If people used the same e-mail/password combo on multiple sites, it is very easy to breach their accounts that way.

    Unfortunately, many Draftkings users indeed use the same e-mail/password combo on many sites.

    https://twitter.com/#!/x/status/1594769117894279168

    From there, once the fraudsters have accessed the Draftkings account, they withdraw the existing money in the account to a Venmo Debit Mastercard they set up in the victim's name. If there is little-to-no money in the Draftkings account, they attempt to make a deposit using the victim's money (via any previously used method, including Global Payments / VIP Preferred), and then they withdraw the money to the Venmo Debit Mastercard. Once the money is withdrawn, they send it elsewhere on Venmo, and get it off the platform in one of various ways.

    There is a high chance that these are the same fraudsters, given both the similar timeframe, and the Venmo Debit Mastercard exit strategy.




    Instructions on preventing being a victim:

    1) Log into ALL gambling sites where you used the same e-mail/password combo as on other sites, and change your password immediately. It does not matter if the password in common was from a non-gambling site. If you have ANY gambling accounts where the e-mail/password combo is used elsewhere online, change the password immediately!

    2) Check any bank accounts or credit cards you used in the past on these sites, and make sure there are no unauthorized charges.

    It is probably not necessary to do this on sites where you are sure you have a unique password.




    If you were a victim:

    1) Write to support@draftkings.com, or call the phone number of the other sites where you have been victimized. Note that Draftkings does not have telephone customer service, which is frustrating.

    2) If money was taken out of your bank account, report it to your bank immediately.

    3) Close any bank account linked to the sites where your account was breached, and open a new one. Do not close it and replace it, or they might transfer over the fraudster's future withdrawals! Close the bank account fully, and then open a new one separately, without having any link between the two.




    If you have gotten a ton of "2FA" (two factor authentication) requests on your phone lately:

    This means the fraudsters are attempting to get into your account, and are unable to do so because you are protected by the 2FA method. Do NOT give out those codes sent to you, and do NOT click on any links sent to you via text. If this is happening, immediately log into the sites sending you these 2FA requests, and change your password.

    Pokerstars New Jersey was one of the sites recently sending out these 2FA requests, meaning the fraudsters were likely trying (but failing?) to get into those accounts.



    I will provide more information as I learn more.
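An added example, not part of the original post and not any site's own tooling: a sketch of how an operator could look for the pattern post #1 describes in its own logs, first one source trying many different accounts and mostly failing (credential stuffing), then a breached account adding a new payout method and withdrawing to it shortly after. The event names, fields, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): time, source IP, account, event, detail
EVENTS = [
    ("2022-11-20T03:00:01", "203.0.113.7", "alice@example.com", "login_fail", ""),
    ("2022-11-20T03:00:02", "203.0.113.7", "bob@example.com", "login_fail", ""),
    ("2022-11-20T03:00:03", "203.0.113.7", "carol@example.com", "login_ok", ""),
    ("2022-11-20T03:00:04", "203.0.113.7", "dave@example.com", "login_fail", ""),
    ("2022-11-20T03:00:05", "203.0.113.7", "erin@example.com", "login_fail", ""),
    ("2022-11-20T03:04:00", "203.0.113.7", "carol@example.com", "payout_method_added", "debit card"),
    ("2022-11-20T03:06:00", "203.0.113.7", "carol@example.com", "withdrawal", "debit card"),
    ("2022-11-20T09:00:00", "198.51.100.4", "frank@example.com", "login_fail", ""),
    ("2022-11-20T09:00:20", "198.51.100.4", "frank@example.com", "login_ok", ""),
    ("2022-11-20T09:30:00", "198.51.100.4", "frank@example.com", "withdrawal", "bank"),
]

def stuffing_sources(events, min_accounts=4, min_fail_ratio=0.6):
    """Sources that try many distinct accounts and mostly fail (assumed thresholds)."""
    tried, fails, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for _, ip, acct, kind, _ in events:
        if kind in ("login_ok", "login_fail"):
            tried[ip].add(acct)
            total[ip] += 1
            fails[ip] += kind == "login_fail"
    return {ip for ip in tried
            if len(tried[ip]) >= min_accounts and fails[ip] / total[ip] >= min_fail_ratio}

def accounts_to_freeze(events, window=timedelta(minutes=30)):
    """Return (flagged sources, accounts they logged into, accounts that then
    withdrew to a payout method added after that login, within the window)."""
    bad = stuffing_sources(events)
    breached, new_method, hits = {}, {}, []
    for ts, ip, acct, kind, detail in sorted(events):  # ISO timestamps sort in time order
        t = datetime.fromisoformat(ts)
        if kind == "login_ok" and ip in bad:
            breached[acct] = t
        elif acct in breached and t - breached[acct] <= window:
            if kind == "payout_method_added":
                new_method[acct] = detail
            elif kind == "withdrawal" and new_method.get(acct) == detail:
                hits.append(acct)
    return bad, sorted(breached), hits
```

A single user mistyping a password, like the second source in the sample, stays below the distinct-account threshold and is not flagged.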

  2. #2
    Owner Dan Druff's Avatar
    Here's a Twitter thread from a friend of one of the victims:

    https://twitter.com/#!/x/status/1594369249535217664
    https://twitter.com/#!/x/status/1594486103356194816


    Notice the "Mastercard" used for withdrawal. In the other scheme against poker pros involving BetMGM, the fraudsters were using Venmo Debit Mastercards to withdraw. This is highly likely what is going on here, as well.



    Also, look at this suspicious crap from Pokerstars NJ, which they're claiming was an "issue", not failed breach attempts:

    https://twitter.com/#!/x/status/1592970544265457664
    https://twitter.com/#!/x/status/1594349151931682816

  3. #3
    Owner Dan Druff's Avatar
    Melissa Burr was one of the attempted targets:

    https://twitter.com/#!/x/status/1594767703276982281
    https://twitter.com/#!/x/status/1594767707341484038



    They also got into her BetMGM account, and attempted to deposit from her bank account:

    https://twitter.com/#!/x/status/1593023865793708032

  4. #4
    Platinum ftpjesus's Avatar
    Got an email from Fanduel today regarding turning on 2FA. I emailed them back and told them the issues are the payment processors and people creating second accounts and less about people trying to hack accounts, and that maybe they should consider who they're doing business with.

  5. #5
    Owner Dan Druff's Avatar
    Quote: Originally Posted by ftpjesus
    Got an email from Fanduel today regarding turning on 2FA. I emailed them back and told them the issues are the payment processors and people creating second accounts and less about people trying to hack accounts, and that maybe they should consider who they're doing business with.
    They're actually right.

    The issue is both now.

  6. #6
    Plutonium Sanlmar's Avatar
    Offshores still secure

    Lol regulation.

  7. #7
    Cubic Zirconia
    We'll probably never know the truth.. but I'd be surprised if it's actually the same people.

    Two totally different schemes (hacking/ Account creation fraud). I think it's more likely to be two different bad actors.

    Hopefully they get caught and we actually do find out eventually.
    Unless they are extremely good at covering their tracks, it should be very easy to catch them through geolocation. If that fails, good old fashioned following the money might work too.

  8. #8
    Cubic Zirconia
    DraftKings stock took big hit today, after they self-reported approx 300k in customer funds were fraudulently accessed. Made it into my Apple stock news feed, via Bloomberg. Took some DKNG puts after the other thread went up, not entirely because of this issue, but partly. Not that I resemble anything close to a decent trader though lol. Donated a couple bucks to the cause, please keep info coming

  9. #9
    Owner Dan Druff's Avatar
    Quote: Originally Posted by Dizzy
    We'll probably never know the truth.. but I'd be surprised if it's actually the same people.

    Two totally different schemes (hacking/ Account creation fraud). I think it's more likely to be two different bad actors.

    Hopefully they get caught and we actually do find out eventually.
    Unless they are extremely good at covering their tracks, it should be very easy to catch them through geolocation. If that fails, good old fashioned following the money might work too.
    I think you're dismissing the similarities too easily.

    Not only did they occur close together, but they both had Venmo Debit Mastercards as an exit strategy. It is possible they moved onto this when it got too hard to continue doing these fake accounts and stealing that way.

  10. #10
    Cubic Zirconia
    Holy shit.. Sites are starting to send emails as a result of this.

    Here are two I got today:

    BetParx - PA site. Parx casino's online site. Looks like they turned on 2fa for everyone.

    Name:  betparx.jpg

    Play+ - Payment processor - This is the company Sightline. It's another deposit method where you get a physical card when you sign up. Basically a Discover debit card which you can then use to deposit to the gaming site.

    Name:  playplus.jpg


    I guess the Play+ email doesn't directly mention this but seems related.
    Edit: after reading it again, it's clearly addressing the Global situation without saying it

  11. #11
    Owner Dan Druff's Avatar
    Let's just say some "major media" contacted me today about this story.

    I tried to warn these companies weeks ago to listen to me and let me speak to their security departments. All refused, then promised to give my info to be contacted, and none emailed or called until this blew up huge.
