
Thread: Thieves who hit poker pros' bank accounts are now targeting DraftKings and New Jersey sites in a new theft/hacking scheme

  1. #1
    Owner Dan Druff's Avatar

    Thieves who hit poker pros' bank accounts are now targeting DraftKings and New Jersey sites in a new theft/hacking scheme

    Please read this thread carefully if you have an account on DraftKings or any legalized gambling site in New Jersey. In fact, you should read this if you have an account on any legalized gambling site anywhere.

    As you probably know, from early October through mid-November, many poker pros were targeted for up to $10,000 in an impersonation/bank account theft scheme. In this scheme, new accounts were created on BetMGM and other sites using personal information of the victims (usually known poker pros). When that info matched what was previously on file for a payment processor (Global Payments), the fraudsters were able to directly steal money out of the bank accounts of the victims, as these bank accounts were already pre-loaded, having previously been used on other sites. You can read all about the scheme in the link I provided above.

    Now there is a new scheme, which I believe is being perpetrated by the same fraudsters, targeting mainly DraftKings and New Jersey gambling sites!

    Unlike the other scheme described, this one does NOT involve impersonation or new accounts, but simply involves breaching accounts and stealing money from there.

    The accounts are being breached via what's known as a "credential stuffing attack". This is very simple. The fraudsters buy a huge list of name/e-mail address/password combos on the dark web, which were obtained by past breaches of other sites (perhaps not even gambling sites). They then set up a program to automatically attempt to log in to other sites using that info. If people used the same e-mail/password combo on multiple sites, it is very easy to breach their accounts that way.

    Unfortunately, many DraftKings users indeed use the same e-mail/password combo on many sites.

    https://twitter.com/DK_Assist/status/1594769117894279168

    From there, once the fraudsters have accessed the DraftKings account, they withdraw the existing money in the account to a Venmo Debit Mastercard they set up in the victim's name. If there is little-to-no money in the DraftKings account, they attempt to make a deposit using the victim's money (via any previously used method, including Global Payments / VIP Preferred), and then they withdraw the money to the Venmo Debit Mastercard. Once the money is withdrawn, they send it elsewhere on Venmo, and get it off the platform in one of various ways.

    There is a high chance that these are the same fraudsters, given both the similar timeframe, and the Venmo Debit Mastercard exit strategy.




    Instructions on preventing being a victim:

    1) Log into ALL gambling sites where you used the same e-mail/password combo as on other sites, and change your password immediately. It does not matter if the password in common was from a non-gambling site. If you have ANY gambling accounts where the e-mail/password combo is used elsewhere online, change the password immediately!

    2) Check any bank accounts or credit cards you used in the past on these sites, and make sure there are no unauthorized charges.

    It is probably not necessary to do this on sites where you are sure you have a unique password.




    If you were a victim:

    1) Write to support@draftkings.com, or call the phone number of the other sites where you have been victimized. Note that DraftKings does not have telephone customer service, which is frustrating.

    2) If money was taken out of your bank account, report it to your bank immediately.

    3) Close any bank account linked to the sites where your account was breached, and open a new one. Do not close it and replace it, or they might transfer over the fraudster's future withdrawals! Close the bank account fully, and then open a new one separately, without having any link between the two.




    If you have gotten a ton of "2FA" (two factor authentication) requests on your phone lately:

    This means the fraudsters are attempting to get into your account, and are unable to do so because you are protected by the 2FA method. Do NOT give out those codes sent to you, and do NOT click on any links sent to you via text. If this is happening, immediately log into the sites sending you these 2FA requests, and change your password.

    PokerStars New Jersey was one of the sites recently sending out these 2FA requests, meaning the fraudsters were likely trying (but failing?) to get into those accounts.



    I will provide more information as I learn more.
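
The credential-stuffing pattern described in the post above, seen from the site operator's side, as an added example that is not part of the original thread. The event names, thresholds and sample log lines are constructed assumptions, not taken from any site mentioned here.

```python
from collections import defaultdict

# Constructed sample events (not real logs): time, source IP, account, event.
# IPs come from the reserved documentation ranges.
SAMPLE_EVENTS = [
    ("12:00:01", "203.0.113.7", "alice@example.com", "login_fail"),
    ("12:00:02", "203.0.113.7", "bob@example.com", "login_fail"),
    ("12:00:03", "203.0.113.7", "carol@example.com", "login_ok"),
    ("12:00:04", "203.0.113.7", "dave@example.com", "login_fail"),
    ("12:00:05", "203.0.113.7", "erin@example.com", "login_fail"),
    ("12:00:09", "203.0.113.7", "carol@example.com", "payout_method_added"),
    ("12:01:00", "198.51.100.20", "frank@example.com", "login_fail"),
    ("12:01:10", "198.51.100.20", "frank@example.com", "login_ok"),
    ("12:02:00", "198.51.100.20", "frank@example.com", "payout_method_added"),
]

def stuffing_sources(events, min_accounts=4, min_fail_ratio=0.6):
    """Return IPs that tried many distinct accounts and mostly failed."""
    accounts = defaultdict(set)
    attempts = defaultdict(int)
    fails = defaultdict(int)
    for _, ip, account, kind in events:
        if kind in ("login_ok", "login_fail"):
            accounts[ip].add(account)
            attempts[ip] += 1
            fails[ip] += kind == "login_fail"
    return {ip for ip in attempts
            if len(accounts[ip]) >= min_accounts
            and fails[ip] / attempts[ip] >= min_fail_ratio}

def accounts_to_lock(events, **thresholds):
    """Map each account a stuffing source logged in to -> whether a payout
    method was added afterwards from that same source (the cash-out step)."""
    bad_ips = stuffing_sources(events, **thresholds)
    breached = {}
    for _, ip, account, kind in events:  # events assumed to be in time order
        if ip not in bad_ips:
            continue
        if kind == "login_ok":
            breached.setdefault(account, False)
        elif kind == "payout_method_added" and account in breached:
            breached[account] = True
    return breached

if __name__ == "__main__":
    print(stuffing_sources(SAMPLE_EVENTS))
    print(accounts_to_lock(SAMPLE_EVENTS))
```

A user who mistypes a password once and then adds a card (the second IP in the sample) is not flagged, because only one account was tried from that source.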

  2. #2
    Owner Dan Druff's Avatar
    Here's a Twitter thread from a friend of one of the victims:

    https://twitter.com/Landa501/status/1594369249535217664
    https://twitter.com/ericmbaptiste/status/1594486103356194816


    Notice the "Mastercard" used for withdrawal. In the other scheme against poker pros involving BetMGM, the fraudsters were using Venmo Debit Mastercards to withdraw. This is highly likely what is going on here, as well.



    Also, look at this suspicious crap from PokerStars NJ, which they're claiming was an "issue", not failed breach attempts:

    https://twitter.com/PokerStarsUSA/status/1592970544265457664
    https://twitter.com/PokerStarsUSA/status/1594349151931682816

  3. #3
    Owner Dan Druff's Avatar

  4. #4
    Platinum ftpjesus's Avatar
    Got an email from FanDuel today regarding turning on 2FA. I emailed them back and told them the issues are the payment processors and people creating second accounts, and less about people trying to hack accounts, and that maybe they should consider who they're doing business with.

  5. #5
    Owner Dan Druff's Avatar
    Quote: Originally Posted by ftpjesus
    Got an email from FanDuel today regarding turning on 2FA. I emailed them back and told them the issues are the payment processors and people creating second accounts, and less about people trying to hack accounts, and that maybe they should consider who they're doing business with.
    They're actually right.

    The issue is both now.

  6. #6
    Plutonium Sanlmar's Avatar
    Offshores still secure

    Lol regulation.
