Personal Security Online: Not Worth Gambling With
Despite internet gaming being well-established today, online security remains a source of suspicion and concern for many would-be gamers. Internet security expert Phil D’Angio reports for Gambling on how players can stay safe online.
The internet can be a profitable place for the criminally minded. Fraudsters regularly lurk behind genuine-looking emails and websites, pretending to be part of a legitimate gambling or gaming company, often one with which unwitting victims already have a relationship.
Online gambling has become a big business with billions of pounds to be won and lost each year. Such sizable sums make the industry attractive to criminals, with many based thousands of miles away and outside legal reach.
The amount of money that can be made illegally online attracts some of the brightest criminal brains, making it ever easier for organised crime to think up new ways to siphon money from both the gaming sites and the gamblers using them. The scale of the internet makes stealing millions of small amounts quick and easy; this quickly adds up.
Looking at the size of the problem in the UK, a recent survey by YouGov commissioned by VeriSign has shown that in the last 12 months online fraud in the UK totalled £2.65 billion. The VeriSign Online Fraud Barometer also showed that one in eight UK adults had been a victim of internet fraud in the last year alone.
This number is for the UK as a whole and includes online retail and banking as well as gambling and online gaming. This last sector continues to grow even amid the credit crunch. With more and more people now online at home and broadband spreading from fixed line to mobile, the number of people having the odd flutter on the Grand National or playing National Lottery-style scratch card games online is climbing, increasing the number of accounts that could be taken over and the volume of personal information available to steal.
With the internet providing access to sites based anywhere in the world, knowing who is behind the site and whether they are genuine is a must. It was estimated in March this year, in an article in the Daily Telegraph, that 5,000 of the 7,000 gambling sites available to internet users are unauthorised. Spotting a rogue site is not always easy (see Fig 1). It is safest to assume a site or an email is a fake and then follow some simple checks to disprove this rather than risk having money or your identity stolen.
Most cyber criminal tactics have been around for some time. We have all heard of phishing and spyware, are conscious not to open emails arriving from foreign countries and keep our antivirus up to date. Yet criminals are constantly finding new ways to install malicious software or lure the unsuspecting into divulging account details, such as the recent case of 130 million credit card records being stolen in the US.
As new technologies are launched, so the criminals’ tactics change. In many cases it takes a successful security breach to alert the software and internet companies to a new problem. The newest technologies to be targeted by cyber criminals are social media sites and Wi-Fi networks. With cheap netbooks now readily available, the poker player or online gambler can take his preferred games anywhere, connecting over a Wi-Fi network in Starbucks for example. The experts are advising users to be alert and not to trust anything unless they are 100 percent sure of its origin. This applies equally to emails and websites.
Internet security experts are continually improving the level of protection available to gaming businesses to help customers identify if the sites they are playing on are genuine. Clearly identifying a site as being owned and run by who it claims to be is the first step a gamer should take in starting to trust a site.
In addition to extended validation authentication, there are five key signs to look out for before sharing personal information or making any financial transaction online. These are set out in more detail in Fig 2. Ideally all five would be provided by the website, and many of the established gambling sites in the UK do use some or most of these steps right now. It is yet another way of identifying whom to trust.
What many gamers and internet users are not aware of is that they do not need to rely just on a simple username and password. A second layer of authentication can be added to an individual’s account that asks for a one-time password that is only valid for 30 seconds and generated by a token, mobile phone application or credit card size device that fits in your wallet. Normally a simple six-digit number is entered into the website when logging into an account or making a payment. That one-time password is generated independently of the website and cannot be stolen, copied or intercepted.
The only issue is that the technology needs to be built into the site by the owner – it costs online gamers nothing more than the price of a text message. VeriSign’s technology is downloadable to use on many different types of mobile phone for free. Businesses such as PayPal are already offering ‘Two Factor Authentication’ technology via text message for use when making a payment online. Two Factor Authentication is most appropriate for sites you have an ongoing relationship with – and many gamblers are just such users. It is worth asking your favourite site if they are using this kind of technology.
It’s not all doom and gloom, however. Legitimate gambling sites in the UK are continually working to ensure the level of security they provide their customers is the best available. Many are using authentication and encryption technology from VeriSign already. It is the fake sites we need to be wary of.
Yet online gamblers are still falling for the same old tricks. Diligence is key. Knowing the threats that exist and taking time to look for all the signs of an internet scam are the best way to protect yourself. Also remember that legitimate poker, gambling and betting sites will never ask you to provide personal information they should already have. If concerned, email or call customer services before providing anything. You will be helping them as well as yourself.
Finally, take the time to check whether your preferred gambling site is genuine. A green address bar is a clear indicator of extended validation. You should also check for secure site seals such as the VeriSign tick or the Thawte padlock. This is an ongoing battle and one that each gambler needs to be part of. With greater knowledge of the threats and how to spot them, cyber criminals will win far less often.
Top five online threats
1. Phishing: Phishers will impersonate a legitimate gambling company by sending fake emails or creating fake websites in order to acquire your personal information—like PINs, credit card or bank account numbers, or social security info
2. Spyware: Software that records your personal information without you realising it as you log in to your gambling site account. Several anti-spyware software programs are available to combat spyware
3. Evil twin: A fake Wi-Fi network set up near to and often using a similar name as a real public Wi-Fi network, like those in libraries, parks, and coffee shops. If you unknowingly join the evil twin network, the criminal behind it will have access to all of the information on your computer
4. Phoraging: Criminals can put together a blueprint for your identity drawn from information carelessly left on social networking sites, such as dates of birth, mobile phone numbers and email addresses
5. International schemes: Don’t respond to emails that suggest you have won or inherited money from someone, especially when they originate from a foreign country. Also, any scheme that asks you to give advance money for a larger sum in return is too good to be true, and will always be fraudulent
I believe that the top five security measures to look for on a website that show the best possible protection is deployed are:
1. Green address bar: This signifies that the site has undergone extensive identity authentication so that you can be confident it is the site it claims to be
2. https: The ‘s’ in https:// means the site is encrypted, so the information you enter is secured
3. The padlock icon: To be meaningful this icon must appear in the actual browser interface and not inside the content of the page itself
4. Trust marks: Popular trust marks like logos can indicate important things about an online business
5. Check the web address: Be suspicious of any site with an unknown domain that contains the name of a well-known site in the latter part of the web address
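Checks 2 and 5 from the list above can be automated against a list of sites you already know. This is an added example, not part of the original article: `examplebet.co.uk`, `secure-login.test` and the `check_address` function are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the domain you already know -> its brand name.
KNOWN_SITES = {"examplebet.co.uk": "examplebet"}


def check_address(url, known_sites=KNOWN_SITES):
    """Return a list of warnings for url; an empty list means none raised."""
    parts = urlsplit(url)
    # The host is the only part of the address that says who runs the site.
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []

    # Check 2: the connection should be https.
    if parts.scheme != "https":
        warnings.append("not https")

    # Check 5: a known name on a domain that is not the known one.
    on_known_domain = any(
        host == domain or host.endswith("." + domain)
        for domain in known_sites
    )
    if not on_known_domain:
        lowered = url.lower()
        for brand in known_sites.values():
            if brand in lowered:
                warnings.append(
                    f"unknown domain {host!r} mentions {brand!r}"
                )
    return warnings
```

The comparison is made on the parsed host name rather than on the whole address string, which is why a familiar name later in the address does not make an unknown domain pass.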