Have you ever placed an online bet, or can you be found on the other side of the table operating an online casino? Regardless of where you sit, you are a potential target for cybercriminals looking to launch bonus abuse scams or complete account takeover. With Sigma, the biggest gambling and gaming conference, just around the corner, we are covering the subject of increasing fraud across the gambling and gaming industries to keep you and your customers safe while having fun.

What is bonus fraud?

Online casinos offer a variety of bonuses as a marketing tactic to attract and retain their most active players. However, these bonuses are not only enticing to the players but also to online fraudsters. Scammers create multiple accounts or use stolen identities to illicitly claim bonuses over and over again. That way, online casinos can potentially lose millions from their marketing budget, and legitimate players can lose access to their accounts and funds. This type of fraud, known as bonus abuse fraud, can cost online casinos millions of dollars in yearly losses.

How do fraudsters steal your money?

Experienced fraudsters have multiple ways to exploit vulnerabilities and carry out targeted actions to launch bonus abuse scams and takeover user accounts. To do so, they create accounts or purchase registered and verified user logins on the darknet. However, this high level of efficiency demands a lot of preparation and research into the technical and logical vulnerabilities of the gambling systems.

With the Group-IB Fraud Matrix, you can track the full execution process of a fraudulent scheme step by step, from the initial "reconnaissance" phase to monetization and money laundering.

Example from Group-IB's Fraud Matrix tool: free bets bonus abuse.Example from Group-IB's Fraud Matrix tool: free bets bonus abuse.

As a first step, scammers choose a betting loyalty program that, in their opinion, is the most profitable depending on the potential of collecting bonuses. This can include companies that focus on attracting new players by offering incentives such as registration bonuses, bonuses for specific actions, bets on specific sports events, etc.

As mentioned before, scammers access dark web communities and marketplaces to research their options. They may even actively exchange data or ask for advice from fellow scammers.

Example of a request for paid help regarding creating fake betting accounts.Example of a request for paid help regarding creating fake betting accounts.

An example of a marketplace for betting accounts.An example of a marketplace for betting accounts.

If you thought that creating fake accounts would require hours of setting up, well, you would be mistaken. Fraudsters can quickly and easily purchase pre-made accounts on the darknet. These accounts can be warmed up by creating a history of regular and legitimate transactions to increase their trustworthiness.

Finally, they utilize these accounts to commit fraud. They leverage the accessed accounts in many ways to control poker tables, bet on both possible outcomes using free funds, or launder money with matched betting, ultimately contributing to financial crime and massive monetary losses.

Now that we know how fraudsters plot and implement their tactics, the question is, how to keep them out of your online gambling environment?

To safeguard against such fraudulent activities, online casinos and their players should educate themselves on the newest threats and maintain the highest possible standards when it comes to account security.

Unfortunately, with the constant introduction of new schemes and the increasing sophistication of technologies behind fraudulent processes, this won't be enough. Online casinos are advised to partner with anti-fraud solution providers to detect suspicious behavior before the damage occurs.

Group-IB’s Fraud Protection solution, for example, adopts a multi-pronged approach based on device fingerprinting, behavioral analysis, and network analysis to detect and prevent fraudulent activities.

Starting at the account takeover stage, the Fraud Protection system can detect the use of tools hiding geographical locations and manipulating device fingerprinting. The solution is also capable of identifying deviations in user behavior, especially if the user account was purchased on the darknet. Additionally, the system can map the relationship between different accounts to identify fraud networks that pose a greater threat than individual scammers.

Fraud Protection not only identifies fraudulent accounts but can take various actions to prevent the fraudster from claiming bonuses by blocking malicious bots, detecting fraudster devices trying to control fake accounts, colluding with other partner members of the same fraud network, or performing account takeover. Our passive biometrics solution allows us to detect fraudulent activity without impacting the user experience of genuine online players.

Additionally, tools like Fraud Protection can be supported by risk management tools for end-to-end protection. Group-IB Digital Risk Protection can work simultaneously with Fraud Protection and monitor darkweb shops selling fake accounts of online gambling companies. Monitoring the activities of the fraudulent community can be crucial in eliminating vulnerabilities presented by bonus programs or any other fraud schemes targeting the gambling and gaming industries.

Fraud Intel Europe - Malta Meet-Up 2023

On November 13, the Group-IB anti-fraud team will host its first meet-up for the gaming and gambling industries. The event will see anti-fraud specialists gather to exchange knowledge and support the mission of fighting cybercrime as part of Fraud Intel Europe’s stated aim of educating businesses and end customers about the most persistent threats.

If you are an online gambling operator, online gaming business owner, payments service provider, or an anti-fraud specialist and would like to learn more about the Fraud Intel Europe community or how Group-IB protects businesses worldwide with their technologies, join us at the Malta Meet-Up. Registration is free, but seats are limited, so make sure to register on time.

If you're going to be at Sigma Malta this year, you can also catch Group-IB's team during the conference. Two Group-IB thought leaders, Camill Cebulla and Julien Laurent will speak at panels on November 15th: Saving the day with KYC and AML: Users & Investors Protection in action and Good KYC and AML does not have to spoil the fun. You can also book a meeting slot with Group-IB’s Business Development Manager for the gambling industry, Sarah Psaila, by following this link.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.