Hackers Win Big by Gambling on Identity Spoofing
In analyzing global cybercrime patterns ThreatMetrix found that identity spoofing, fueled by stolen identity data, is the most prevalent attack vector for the gaming and gambling industry.
Additionally, the Q2 2018 Gaming & Gambling Report discovered that location (IP) spoofing attacks increased 257% year-over-year, making it the fastest growing attack vector in the space. Because more sophisticated location spoofing tools are available, fraudsters are making frequent attempts to disguise their true location and launder money.
Distinguishing trusted users from fraudsters is made increasingly more challenging with malicious account takeovers (ATOs) and the use of collusive play and self-excluders.
“Rising cybercrime levels is no small issue for a sector that enjoys a truly global customer base,” said Ellie Burns, fraud and identity manager at ThreatMetrix, in a press release. “With more than two billion gamers worldwide, nearly 60% of the industry's traffic is cross-border.
"Operators must contend with a rapidly evolving regulatory landscape and stringent new anti-money laundering laws, making the verification of the true location of a transacting gamer a vital component in authenticating identity.”
An additional contributor to the growth of IP spoofing attacks is that users are trying to access services that might be restricted in their locations, which is one factor driving the high volume of cross-border traffic.
Increased mobile transactions were also a key finding in the report, resulting from more people placing bets and accessing accounts from their smartphones. The report revealed that 71% of all gaming and gambling transactions are now made via mobile devices, which is a 45% increase year-on-year. Not surprisingly, mobile payments are attacked more often than any other transaction. Hackers have realized that mobile serves as a door of opportunity where they are able to monetize stolen credentials.
“To deal with these challenges, gaming and gambling operators must incorporate dynamic digital identity intelligence that pieces together key indicators, such as device intelligence, true geo-location, online identity credentials and threat analysis, to better inform risk decisions. The key is to be able to effectively differentiate trusted users from fraudsters and understand changes in trusted user behavior, without adding unnecessary friction,” said Burns.
Source: Information Security Magazine