Account security concerns at multiple casinos

[maxd]

A highly reputable casino, it's just a myth, marketing tactic. You seem to be never safe.

Of course you're entitled to your opinion Cyprean but I don't think this statement is fair or true. Sure, there are some bad apples in the bunch, even a few rotten ones, but many casinos and poker rooms have worked long and hard to earn and keep their good reputation. Of course that's no guarantee that it will always be so, but I think one needs to give credit where credit is due.

[jetset]

There is also the ever present risk of human error, rather than malice or outright dishonesty - a casino can go for ages, handling millions of individual transactions without missing a beat, but then a single human stuff-up or plain stupid decision can bring discredit and abuse.

I'm not excusing inefficiency, but it happens....and not all screw-ups are motivated by evil intent. They're screw-ups, and the manner in which the casino management addresses them can speak volumes for their professionalism and the possibility of continued trust from players.

[lifechooser]

Ok, time's up. I think the casinos involved have had fair warning.

-----------------

The most recent one is totesport. I have had spam emails from 'superpalacegold.com' and 'Gold VIP Club Casinos' (http://mLink.org/55322, signed by itsforyougetitnow.com). I have not clicked on any of those links.

Their response to my emails were less than satisfactory as far as I am concerned;

The Marketing team have investigated this and believe the reason for the spam is an automated spam program has guessed your email address by using all combinations of the word "totesport". Other customers with "totesport" as part of their email address have been targeted by this in recent weeks, as have members of our staff who have "totesport" or "tote" as part of their email addresses.

We never pass on any confidential customer information to third parties and take customer privacy very seriously. Totesport have one of the best reputations for security and trustworthiness in the online gaming community.

You have received it as you have registered an email address beginning with 'totesport'. As we have stated below even some of our own staff have received them as they have email addresses like this. We would not pass your details on to anyone else.

The emails you have shown us are gambling related, if they search for email addresses using 'totesport' then they are expecting to find people who have gambling accounts and can aim these emails towards them.

To me this suggests that they think I used totesport@mydomain.com elsewhere on the internet and that's how spammers have picked it up. They won't be told otherwise. I've asked for my account to be deleted, however I imagine it will only be deactivated, and this gives me cause for concern. However the words stable, door and bolted spring to mind in this instance.

-------------

Also last week was bluesq.

I received emails from; http://www.bigota.net/ and http://www.bluesb.net/. Once again I haven't visted the sites, and do not know if they are casinos, rogues, phishers or virus sources.

Bluesq told me on wednesday that their security is investigating, and they haven't traded or sold any email addresses ever.

I chased them sunday and am awaiting a response.

-------------

Way back late last year my intercasino.com, intercasino.co.uk and littlewoods addresses were used by 'iCasinoMagazine' who 'reviewed' Empire Casino.

All three casinos liased with each other and identified a member of support staff who had walked off with a list of email addresses. The last I heard was that they were trying to take the guy to court, but that was many months ago, possibly a year. I haven't heard anything since, though I did get a spam email from a willhill affiliate to one of those addresses.

---------------
Going back to stable doors and bolted horses. I really want to hear from uninvoled casinos about what security they have in place to prevent this from happening in future. And I advise you all to use unique email addresses if you have the power, i.e. your own domain with a catch-all account.

[Casinomeister]

Well, totesports got back to me and they were planning to respond here, but they wanted to see what the other casinos came up with. So it's not like this isn't being looked into seriously.

I would suspect either a spam machine generating these sorts of emails, or some ex-employee walking off with an email list is what is happening here.

I seriously doubt any of these casinos would sell an email list - for one thing it's not worth the risk, and they make enough money through legitimate means. Selling email lists are usually done by your fly-by-nights or Costa Rican clip shot joints that lack scruples and are hard up for cash.

[Casinomeister]

...Going back to stable doors and bolted horses. I really want to hear from uninvoled casinos about what security they have in place to prevent this from happening in future. And I advise you all to use unique email addresses if you have the power, i.e. your own domain with a catch-all account.

Excellent point - I've always recommended that players do this to fight spam:
http://www.casinomeister.com/casinos.php

Point seven: Fight Online Casino Spam

And here:
http://www.casinomeister.com/online_casino_spam.php

[lifechooser]

Totesport's response to me has now turned into an email war where I am trying to explain how spam attacks work.

The spam machine theory falls flat as I haven't had spam to othernames@mydomain.com nor totesport@myotherdomains.com. So it has to be an address the spammers know to be true and worth targetting. Othernames@mydomain.com is also true, but they haven't seen the worth in targetting that.

The selling details part I agree with absolutely. Casinos would make pennies from selling addresses compared to the amount of money they stand to lose from doing it. It's pointless and only an imbecile of a manager would do it.

It's surely an issue of security. I want to know what is being done to prevent this from happening at other casinos, and how it happenned in the first place. Most of all I want to hear that my banking / security questions etc are kept more securely and are safe.

[anniemac]

First off, let me say that I am in now way as knowledgeable as most of you on this forum about domain names etc, wish I was but I am not. That said, I have now learned something new. I wondered where in the world some of these strange casino email offers I was getting on my AOL account were coming from. Now I know. Since I only have used my AOL (bad AOL) account with two casinos, looks to me like they have either had a breach in their security or, heaven forbid, they know that my email has been sent out for spamming. Both of these casinos are very reputable so I hope it is the first option. Of course, I just delete without opening but it is still coming.

You should see my Yahoo! account. I get roughly 300 spams a day. But I use this account as a catchall for everything. I had hoped when I set it up that AOL would remain clear and Yahoo! would be the one for spam. But now they are creeping in on me.

How interesting!!

[lifechooser]

It's not as simple as that either.

Because so many people use AOL.com as their domain, it is worth the spammers time and effort to spam every permutation from a@aol.com to zzzzzzzzzzzzzzzzz123123@aol.com, and it's quite possible that that is the case with you.

The same is true of most addresses given out by ISP's or webmail hosts, and large companies.

It's less true of smaller companies and personal domains, and when an attack does happen, it's far more obvious. Attacks are rarer as the spammers know they will have a lower sucess rate at mydomain.com than aol.com or ford.com, and as a result it's not worth the effort and computing power.

[maxd]

There are other reasons to be skeptical of the spam machine theory. For instance I have several domain names that I use for email and a generic "catch all" mailbox at those domains which is used if an email comes in with an unknown addressee.

Guess what? I don't get a lot of email sent to random names while I do get a fair amount of spam targeted at my specific email addresses. Admittedly I have used those email addys at various places around the web, not a lot but a little, so you could understand how those would get picked up and added to the spam lists.

So what I'm saying is that I've had these domains for years and very seldom see the random addressee thing happen.

[lots0]

With a packet sniffer (program to peek into data being transfered over an internet) a spammer can collect tens of thousands of unencrypted email addresses in just a few minutes.

About Packet Sniffers

Your unencrypted email addresses are NEVER safe from spammers.

The more unencrypted email you send the better your chances of your email address getting collected by a spammer.

Also some spammers like to have their packet sniffers frequent specific networks, so they can collect email addresses from people that have shown an interest in what the spammers are selling or promoting, you know things like online casinos...

I find it amusing that the casinos and casino employees are being blamed... When in fact, the security for unencrypted emails is about as good as the security at the USA's southern border.

In other words, sending an unencrypted email is about as secure as publishing your email (and your email address) in your local news paper's classified section.

FYI - You may encrypt your email... But what about the person that replies to your email or sends you an email? If the person that replies to your email or sends you an email does not encrypt their email, your email address is still out there for the spammers to collect.