My account got hijacked....

[steffigraff77]

Without mentioning any names as the investigation is still continuing...

On sunday morning i noticed that there were three transactions taken from my web wallet on Saturday night - 100, 1000, 1000 all within seconds of each other.

I quickly contacted the web wallet and the casino and froze my accounts. They are currently investigating it and the matter is nearly resolved but it appears that someone got hold of my details- I am not sure how and got into my casino account which happens to have a poker side and played with my money and tried to withdraw to another account. I have never played poker.

The casino have contacted me and told me that they have managed to recover everything bar a couple of hundreds pounds as this was difficult to trace. They will not return this to me as they quoted a clause to do with

'it is a player sole responsibility to maintain the integrity of their usernames and account numbers as well as their passwords.'

As far as i am concerned i did. It is still not clear how the person managed to get hold of my details but they clearly did.


Has anyone else had this kind of experience? Fortunately, i spotted this quickly ...had i not would i have still been covered against this kind of crime- like credit cards. I get the impression i would not have been?

And what kind of security lengths are people prepared to go to? Or is it not wise to talk about this on a public forum?

 

[silcnlayc]

To keep this from happening to me, (I was hijacked once too a long while back) I only keep enogh funds to play with for that day. I do not carry a balance or leave any in my wallet other than what I have pending in my casino withdrawal accounts that will be deposited into it, then I remove it.

The wallets will not cover any losses that could not be recovered. So please be careful and if you have a boyfriend, husband or roomate, you might want to find out if they like playing poker. That would be a big tell if they might be the culprit.

.

 

[vinylweatherman]

Without mentioning any names as the investigation is still continuing...

On sunday morning i noticed that there were three transactions taken from my web wallet on Saturday night - 100, 1000, 1000 all within seconds of each other.

I quickly contacted the web wallet and the casino and froze my accounts. They are currently investigating it and the matter is nearly resolved but it appears that someone got hold of my details- I am not sure how and got into my casino account which happens to have a poker side and played with my money and tried to withdraw to another account. I have never played poker.

The casino have contacted me and told me that they have managed to recover everything bar a couple of hundreds pounds as this was difficult to trace. They will not return this to me as they quoted a clause to do with

'it is a player sole responsibility to maintain the integrity of their usernames and account numbers as well as their passwords.'

As far as i am concerned i did. It is still not clear how the person managed to get hold of my details but they clearly did.


Has anyone else had this kind of experience? Fortunately, i spotted this quickly ...had i not would i have still been covered against this kind of crime- like credit cards. I get the impression i would not have been?

And what kind of security lengths are people prepared to go to? Or is it not wise to talk about this on a public forum?

Bullshit, the clause they quoted NOWHERE states that the casino can KEEP the money if they manage to recover it, it would ONLY cover them (and this is debatable) were they unable to trace and recover the money.

There is also the matter of HOW they got your details, it could easily be someone on THEIR side that did it. There seems to be a problem at their end too if it was so easy for someone to get the details of BOTH your casino account and webwallet, and then proceed to "chip dump" to another account without anyone noticing.

You could pursue the web wallet for the money by mentioning the casino DID recover it, and now has it in their possesion. It is nothing short of theft for the casino to KNOWINGLY keep stolen money for it's own benefit.

Casinos seem to forget that all the money they receive as deposits starts somewhere, and this somewhere is usually a bank, where strict rules are in place making it fairly easy for victims of fraud to get their money back. The casino have already admitted that this money came to them illegally, so you have proof of a crime that you could present to first the web wallet, and then your bank if they fail to cooperate.

You should also consider the PAB route, which depending on which casino this is, could make them see sense before it is too late.


I notice you are in London. You can therefore be up front with your bank that this was to do with online gambling, and under FSA rules, and the banking code, they are supposed to refund any money that has been stolen fraudulently, unless they can PROVE that you acted carelessly, such as writing down your security details and leaving them around to be stolen. Whatever method you used to deposit this money into the webwallet is likely to be covered by similar codes, and if it is Neteller or Moneybookers, they are directly, if lightly, regulated by the FSA, and would be expected to do their best to recover stolen funds, and in this case we KNOW that most of the money was recovered.

 

[catrina m]

If they were trying to get their hands on it , it seems the account they were trying to transfer it too should be held accountable.

IP address is another option.

I worry about this happening, that is why my bank account for gambling is used only as such and stays pretty cleared out.

 

[love2winalot]

Hiya: Do what weatherman says, and just challenge the transactions thru your bank. I do not know how it works where you are at, but with BOA, if you have an unathorised transaction, you can challenge it. The bank returns the money into your account, pending investigation. The Web Wallet, now has to show that the requested withdraw came from, "YOU".

This is one of those you have everything to gain, and nothing to lose, by challening the transaction. Good luck.

 

[AussieDave]

I
IP address is another option.

Not always. These days there are all sorts of measure, programs and such to use to hide your IP. (Wont go into it here for security reasons).

I do however believe that the VWM is onto something

I also find it hard to believe how all this took place under their noses, it just don't make sense. Especially now they claim to have recovered the cash - well all but a few 100.

When you also factor in that someone got into your web wallet too...Well that's the icing on the cake. Sounds like an inside job to me!!!

That's if anyone actually hacked into your account to start with? I mean who's to say this is just a Patsy load of BS given to you by the casino. Who know's there are some right dodgy place out there!

Now you've found CM Land, in future I'd be checking out the accredited list here:
https://www.casinomeister.com/accredited-casinos/

I'd be interest to know what date they (the casino) told you the money had been recovered. From what I'm reading it only sound like a few days or so if that.

Believe me it takes longer than that to recover cash; especially via a casino.

I'd take VWM's advice and PAB...This just sounds really dodgy to me.

Please keep us in the loop on this, can't wait to find out which casino outfit (cough clip joint) pulled this one


Cheers
T

 

[steffigraff77]

This is the response i got from the casino ..(again i have held back the names..): Sorry i may not have been clear above but i meant above that they were keeping the amount they could not recover.

We have reviewed your poker account and the gameplay and can see that your account had 2100 deposited from your ***** account and this was passed through to another account on the network.

We have investigated into this and have recovered funds from the account in question and this has been credited back to your poker account. A total of 1907.40 has been recovered and this has been re-credited to your account

Unfortunately 192.60 has been played by the account in question and these funds have been lost to various other players in the network which we can not recover.

We will not be refunding the 192.60 as the breach was unfortunately on your end outside the ****** Network and as per our terms and conditions Clause 5.1 Articles (viii) and (ix) it is a player sole responsibility to maintain the integrity of their usernames and account numbers as well as their passwords.

The funds are sitting in your account and as it has been compromised we can not re-open it until we issue you a new password. However this can not be done until we have your confirmation that your email address is secure and not been compromised and if it has please provide us with a new email address for us to update your account and we can send your new password to this relevant email address.

Can you please at your earliest convenience confirm whether your email has been compromised and if so supply us with a new one so we can send you a password so you can back into your accounts

Thank you for your time and I look forward to your correspondance

Regards


There is no evidence that my email has been compromised. Just their hunch i think. I have written back with vinyl's thoughts...In other words how do they know its my end??? It could have been an inside job at this particular casino. Its a fairly reputable place btw...( afaik)

 

[steffigraff77]

And also rather stupidly...they are asking me to use a 'compromised' email address to send them details of a new email address!!

 

[jetset]

This does not sound kosher at all, and you are wise to pursue it vigorously.

Please keep us in the loop here, and perhaps at some stage you will tell us which group this is, as players need to be warned about outfits that try to pull questionable stuff such as this.

 

[Mousey]

I'm sure you've already done all this but....

Do a full system scan with more than one AV/anti-malware .... just in case you have key loggers, etc..... if you do, changing passwords, etc. will do no good unless you are rid of the malware.

There were too many things compromised here for me to think someone 'guessed' your passwords and accounts.... And as we find yet another instance of a poker room player to player transfer being done (this has happened in the past -- a poker player's webwallet is cleaned out and then crook to crook transfer takes place) -- and the poker rooms never said how the accounts were compromised. I'm just paranoid enough to fear there's some sort of vulnerability in poker software. While you are not a poker player, there was a poker room associated with the casino (and I'm assuming same username/password would be used).

This all stinks to high heaven.

 

[DiamondGeezer]

Is it possible you got compromised through using Wi-fi? I think it would be more likely someone got to view your webpages rather than a keylogger attack. I am certainly no expert though! Perhaps the computer experts among us could elaborate.

Far more likely to be your end than at the Casino IMO. If ever it happened at a casino it would be more likely to be on a much bigger scale I would guess. Obviously this is just a guess but the odds are it was much more likely you got comprimised your end.

 

[steffigraff77]

Yeah..thats the problem...impossible to say what caused it?
I do use wi-fi but it is secure ? I suppose if a thief wants to break in they can always find a way.

All i can do i think is to make sure i do not have more than a few hundred in my account from now on.

 

[XOXOXOXOXOX]

Has anyone else had this kind of experience?

Someone hacked into my moneybookers account. Luckily i had not funds there at that time. MB immediately blocked all outgoing transactions. I received 1.5K winnings from a casino and not able to make a withdrawal since their investigation takes forever.

I posted before that my Visa was compromises as well. I believe it could be related since MB had the details of my visa.

 

[AussieDave]

I do use wi-fi but it is secure ? I suppose if a thief wants to break in they can always find a way.

I was using wi-fi for 5 weeks back in Feb 2008. I was sure I was secure but alas I was not. Some scum bag managed to piggy back the signal and had a jolly time at my expense.

Fortunately I'd been with the same telco for years. Was easy to see I only used 2.5 - 3 gig max d/l a month for the last 5 years. That saved me forking out $1,500AUD.

So believe me it is possible.


Cheers
T

 

[vinylweatherman]

This is the response i got from the casino ..(again i have held back the names..): Sorry i may not have been clear above but i meant above that they were keeping the amount they could not recover.

We have reviewed your poker account and the gameplay and can see that your account had 2100 deposited from your ***** account and this was passed through to another account on the network.

We have investigated into this and have recovered funds from the account in question and this has been credited back to your poker account. A total of 1907.40 has been recovered and this has been re-credited to your account

Unfortunately 192.60 has been played by the account in question and these funds have been lost to various other players in the network which we can not recover.

We will not be refunding the 192.60 as the breach was unfortunately on your end outside the ****** Network and as per our terms and conditions Clause 5.1 Articles (viii) and (ix) it is a player sole responsibility to maintain the integrity of their usernames and account numbers as well as their passwords.

The funds are sitting in your account and as it has been compromised we can not re-open it until we issue you a new password. However this can not be done until we have your confirmation that your email address is secure and not been compromised and if it has please provide us with a new email address for us to update your account and we can send your new password to this relevant email address.

Can you please at your earliest convenience confirm whether your email has been compromised and if so supply us with a new one so we can send you a password so you can back into your accounts

Thank you for your time and I look forward to your correspondance

Regards


There is no evidence that my email has been compromised. Just their hunch i think. I have written back with vinyl's thoughts...In other words how do they know its my end??? It could have been an inside job at this particular casino. Its a fairly reputable place btw...( afaik)

This is not so bad (could be better though).

BEFORE getting too confrontational, recover the money they say they HAVE recovered & placed back into your poker account. This is all but 200 of what was taken. Change your email address if at all possible, and then get them to send you a new password. It is a bit silly that they think it OK to use what might be a compromised email address to do this, because if someone HAD compromised it, you are handing your NEW email address to them, which they can hack in order to get hold of your NEW password.
I would therefore add another stage. Once they have sent you a new password, change it again through the software, and if possible, change your email address again. This means the new email address you created to reset the account is a "one use" one, a bit like those virtual credit cards that produce a new number for each transaction.
None of the above will be of use though if there is a serious breach at your end. Scan your computer with anti-malware software and keep a log of the results (evidence). Check the security of your internet connection. Check access to your PC, if someone can get into your property, they can usually get onto your PC, often this would be an "inside job" at your end.
If you can find nothing untoward at your end, it weakens the casino's case that it was YOUR fault. There have been a few cases where the casino/poker room have stuck to their guns that any problems are at the player's end, or are just not there, and later on it has turned out to be at THEIR end, usually rogue employees. The Absolute Poker scandal was one where the breach involved higher level rogue employees, rather than the low paid bottom rung of CS. A casino's databases can store enough information to allow this. You can see this when you go into banking and see that all the deposit methods you use have been "registered". To appear to you in the banking menu, they have to be stored on a database at the casino's end, and databases like this are often the target of thieves.

Once you have managed to recover what you can back to your web wallet, you might consider closing down your casino account. You should then change your security information with the web wallet, or even close it and use a different deposit method.

Use of a credit card is safest in terms of your ability to get redress if screwed over, but it does mean that casinos ask for more documentation from you.

If the casino really valued you as a customer, you might even be offered back the remaining 200 as an incentive to come back to them if you DO close your account because of this episode.

 

[Jasminebed]

It might take a bit longer, but ask the casino to snail mail you your new login password, and withdraw what money there is PRONTO. You might make this request by telephone even.

I've received emails with other player's account details. I never made any attempt to log in or guess passwords, but then again I am not a thief.

The casino acknowledges that someone STOLE your funds. Since they lost a couple of hundred bucks to other players they can't ask the other players for their winnings back. I know if I played and won at XYZ Poker and later had the casino email me...sorry, we would like $92 back that you won from player ABC on July 9th since he was playing with stolen funds, and therefore you didn't win, I'd be right miffed.

Please keep us posted on how this progresses. I'm glad your losses were not the entire $2100...but I have accounts I don't log into for more than a month at a time.

Good luck at recovering all of your lost funds.

 

[steffigraff77]

Ok, the lastest is that Mansion casino have returned the funds they have recovered to my neteller account. They are not responding regarding the missing 200 or so.

Neteller are dragging their feet regarding my re-opening of my account.

I have asked them to cover the loss and they haven't given me a reply either way yet.

 

[vegetagirl2008]

I was using wi-fi for 5 weeks back in Feb 2008. I was sure I was secure but alas I was not. Some scum bag managed to piggy back the signal and had a jolly time at my expense.

Fortunately I'd been with the same telco for years. Was easy to see I only used 2.5 - 3 gig max d/l a month for the last 5 years. That saved me forking out $1,500AUD.

So believe me it is possible.


Cheers
T

I would put a password on your WI-FI if anyone tried to connect they would have to have a password. Its sad you have thieves out there who steal bandwidth.

 

[vinylweatherman]

Ok, the lastest is that Mansion casino have returned the funds they have recovered to my neteller account. They are not responding regarding the missing 200 or so.

Neteller are dragging their feet regarding my re-opening of my account.

I have asked them to cover the loss and they haven't given me a reply either way yet.

Now that Neteller have the money, you can refer the issue to the FSA. If Neteller fails to respond, tell them they have 14 days to respond to you, or you will consider the issue in "deadlock" and take it to the Financial Ombudsman.

Normally, financial institutions will cover the losses of customers who are victims of fraud. Neteller have to prove you were negligent, rather than be allowed to assume it.

Neteller have a history of bad practice, which makes their customers easy prey. Among these are:-

Sending emails to their customers, sometimes addressed "dear customer", asking them to "click here to register" for a promo. I checked a couple of these with Neteller, and they said they were GENUINE WTF

Since Neteller customers are expected to "click here" in GENUINE emails, and also give out security details when Neteller phone THEM, Neteller themselves show breathtaking negligence when it comes to demonstrating good security practice to their customers. Scammers who know how Neteller operate will find it unusually easy to hook victims by sending FAKE promos, some of which will find genuine Neteller customers.
In one case at least, I found a Neteller promo could ONLY be accessed by using the "click here" link the email, and could NOT be accessed through the website, not even when logged in!

 

[steffigraff77]

Yeah..good points.. My main issue with them is why they send secure ID's via email and don't give you the option of changing them? Or indeed they are just are just digits rather than letters and digits..so possibly negligent?

I have about 5/6k in there, most of which i will withdraw and then start the FSA idea if things don't get resolved.

 

[steffigraff77]

Final update ..for those interested.

neteller have re-opened my account and covered the 200 or so that mansion could not find. Mansion casino were not interested in discussing how they could be so sure the fault lies at my end? nor interested in covering the loss.

I have closed my mansion account.