E-mail fraudsters favor dating apps over online bookmakers
Fraudsters are increasingly posing as online bookmakers to persuade victims to click on links which will infect their machines with malware or take them to websites where their banking details can be stolen.
A recent study from Group-IB, a supplier of cybersecurity tools, outlines the types of risks it encountered in suspicious emails during the first half of 2020. The organization reports 9,304 phishing network services were blocked in H1 2020, up 9% from the first half of 2019.
Regrettably, Group-IB reports that 69% of these services used secure SSL/TLS links, up from 33% at the end of 2019. Pages that lack SSL/TLS certificates are frequently flagged by web browsers before a target is permitted to continue, thereby reducing the efficacy of phishing attempts; however, false or counterfeit certificates are widely accessible on the dark web.
Emails appearing to come from legitimate web services accounted for 46.2% of suspicious emails, while providers of email services ranked second with 24.1%. The top five is rounded out by banking institutions (10.7%), payment systems (4.3%) and social networks (4.2%).
Emails purporting to come from online bookmakers ranked sixth with 3.8%, about twice as many as those purporting to be from dating sites. Individuals who are sent to these fake bookies could enter their account details without thinking twice, after which their actual betting account – not to mention their credit cards and other banking details – could be plundered at will.
Australia's telecom watchdog recently released an alert about malware in emails from globally sanctioned online casinos, but that notice came as part of a larger effort to paint every non-Australian platform as rife with cooties, so take that with a grain of salt.
Returning to the study, Group-IB says almost half (44%) of the network domains used in those phishing attempts were dot-com and, among country domains, the most popular belong to Russia (9%) and Brazil (6%).
In terms of stability, the pandemic has not been good to the online gaming industry, with the monthly number of distributed denial of service (DDoS) attacks going up five-fold between February and May of this year as the lockdowns took hold and online activity increased.
If there is an upside here, it is that Group-IB said only 1% of the emails it examined included ransomware, a sharp drop from the second half of 2019, during which ransomware was in every second file. This is apparently attributed to ransomware operators shifting from mass attacks to focused activity against enterprise networks.
Spyware took ransomware's previous position as the top malware dog, contained in 43% of emails analysed. Downloaders (which install additional malware) ranked second with 17%, closely followed by backdoors providing remote access to target computers (16%) and banking Trojans (15%).
Online gambling operators are often urged to ensure that workers take proper caution before clicking on links or opening email attachments. Some Asian-facing sites learned that lesson the hard way last year. U.S.-facing sportsbook BetUS had purloined data reported online this spring, and customers of sportsbook provider SBTech were taken offline around the same time after an unspecified attack hit the firm.
Land-based casinos are gradually coming under fire from hostile operators, too. Several years ago Iranian hackers attacked Las Vegas Sands' Pennsylvania casino, while more financially minded hackers threatened several casinos in Canada. The Sugar Creek casino in Oklahoma was forced to close down earlier this month after an unspecified 'network security incident' over the Labour Day weekend.