Spammer! RiZK and VideoSlots selling my personal data .

crikeym8

Multiple forum accounts - flaming and being a PITA
PABnoaccred
Joined
Apr 28, 2014
Location
Moorabbin
#########

This week ive been inundated with multiple spam emails , redirecting to casinos like, cherry casino, with the URL DeepGreenSky.com. Upon raising my concerns with videoslots online chat, I was given this cock and bull story " We don't sell personal data to third party's"

Well when I informed the bloke that I have a catch all email address, meaning, over the years, I in every instance, create a unique email address depending on what site I sign up on. This one being videoslots@crikeym8.com. The reason I do this is simple, to catch out institutions and web sites that don't take data security and privacy seriously. Fact is, all spam ive been receiving this week has been directed to the videoslots@crikeym8.com email.

So just to make sure I did a username recovery and a password reset to test if they still had it in their system, Sure enough, reset emails came through. As im Aussie, my account wasn't active. But when I started chewing his ear off , live chat rep that is , he informed me, it wasn't possible. That email wasn't in their system. Nor was my name... I guess the password reset and user name recovery to my videoslots@crikeym8.com email was just my imagination. Identity theft starts with institutions like this, trying to make a quick buck. (See bottom pic)

So listen Videoslots, you have been caught out red handed selling data , and breaching god knows how many privacy laws. But what I don't understand, is why take such a risk considering the demographic your spamming (An Aussie) Cant join your affiliated sites anyway.
Good thing about catch all, I can and have blocked it, redirecting all their spam back to videoslots.

Annotation.png
 
I can't imagine Videoslots would sell your data, they are rated very highly here and are among the favorite Casinos for a lot of people here.
Have you contacted @Team.Videoslots on here? Maybe they can give you some more Information on this than the Support Chat could.
 
Also, forwarding your Mail to @Katy-Cherry is probably a good Idea if you are getting Spam for Cherry Casino (the one accredited here?) -- maybe they can have a look into it and contact the Affiliate in Question to regards of how he got your EMail Address.
 
Doesn't make any sense. I would bet 100k that VS has nothing to do with any spam that the OP may have received.
People should know that redirecting from unsafe links or using public wifi is only a few of the ways someone can get your username and password.
It really doesnt. In cases like these i always think about a risk/reward scenario..
The risk? Losing all credibility if it should come back on you, possibly getting sued, losing licenses (not sure about this one but probably..) etc.
The rewards? A few bucks to sell someones data to a third party who does then spam then.

Honestly, it would absolutely not be worth it for them in any scenario.
 
If he's using a unique email address then its very likely to have come from videoslots.
There are numerous cases of dodgy casino staff and affiliate managers selling user information, I have been offered data on more than one occasion. I have seen my information from an affiliate who spammed me, that was a screenshot of a casino backend, a casino who was at the time accredited here, yet they insisted it hadn't came from them.
I very much doubt Videoslots have sold the info, but I would expect it to be likely it came from someone inside the company.

Regarding Rizk, my concerns with GIG have been discussed on here, but despite them saying otherwise I can prove they used to use a third company mailing list that was compromised, and GIG didn't bother telling any customers about. That is most likely how they got that email, unless they are still giving customer information out to other customers like they did to me!
 
UPDATE.... Receive further spam, this time from Rizk casino email from old Rizk account now being used to spam.

Lafiesta Casino

Luckland casino. These emails are all assosiated with casinos I no longer play at. Well if I get further spam from another casino I'm no longer attached to Then its More than coincidence.
 
Last edited by a moderator:
Guts casino .now sending spam from rosebank casino. Random you reckon? I doubt that. If. It was random I'd be getting spam from the 50 none casino related emails I have.
 
Agreed.

Its more likely a computer just churning out emails to random addresses based on yours rather than videoslots selling your email for 1p....

videoslots@crikeym8.com
videoslots@crikeym88.com
videoslots@crikeym888.com
videoslots@crikeym81.com
videoslots@crikeym811.com
videoslots@crikeym812.com
videoslots@crikeym7.com
videoslots@crikeym71.com


you get the drift....

I don't think its that, they are usually specific, I regularly get the same spam to guts@mydomain.com, cashmio@mydomain.com and netbet@mydomain.com
The email addresses have been harvested from somewhere, in my case the compromised email list provider, if it was to random addresses you would get them to addresses such as 123@ trees@ john@ casino@ etc etc as they would use dictionary generators or name lists to spam the domain with
 
Guts casino .now sending spam from rosebank casino. Random you reckon? I doubt that. If. It was random I'd be getting spam from the 50 none casino related emails I have.
Any chance you clicked a link or loaded graphics from one of the mails? Might be why they are hitting you with the full program now..
 
I don't think its that, they are usually specific, I regularly get the same spam to guts@mydomain.com, cashmio@mydomain.com and netbet@mydomain.com
The email addresses have been harvested from somewhere, in my case the compromised email list provider, if it was to random addresses you would get them to addresses such as 123@ trees@ john@ casino@ etc etc as they would use dictionary generators or name lists to spam the domain with

Agreed. I'm not receiving spam from the many simple emails I have. A@ b@ c@
 
Guts casino .now sending spam from rosebank casino. Random you reckon? I doubt that. If. It was random I'd be getting spam from the 50 none casino related emails I have.

I'm still waiting for GUTS to inform me that they've leaked my email address (twice!) - I logged my first guts-only alias as compromised in April 2015, and a second one as compromised in May 2018. In the six years I've been using this method, I've identified a dozen incidents of email addresses being leaked - so for GUTS to be two of those is pretty poor.

I don't think its that, they are usually specific, I regularly get the same spam to <snipped>
The email addresses have been harvested from somewhere, in my case the compromised email list provider, if it was to random addresses you would get them to addresses such as 123@ trees@ john@ casino@ etc etc as they would use dictionary generators or name lists to spam the domain with

I do the same, but add random characters to the email address to reduce the likelihood of a dictionary attack. If I got an email from casino@ then you could argue dictionary attack (although as you say, you'd expect to get lots of emails with random prefixes), if I get one from casino-i2f7d18@ then that argument falls flat and the onus is on the operator to demonstrate otherwise if there are no indications of compromise on my end.

The mail processor is often the weak link in the chain - either with the addresses being scraped and sold on, or a malicious actor doing an "extra run" with unrelated spam.
 
I'm still waiting for GUTS to inform me that they've leaked my email address (twice!) - I logged my first guts-only alias as compromised in April 2015, and a second one as compromised in May 2018. In the six years I've been using this method, I've identified a dozen incidents of email addresses being leaked - so for GUTS to be two of those is pretty poor.

You should post about it in their thread, see what they say like I did. Do you know which breach leaked the one in May, I suspected there was another around that time but couldn't prove it so didn't mention it, concentrating on the earlier one that they flatly denied until I showed them evidence ;)
They will never get a penny from me (anyone from GIG) after lying about customer details being leaked, giving me another customers full details, then threatening me as to what would happen if I published those details (nothing is the correct answer)
 
Its very easy to find out mail-addresses you can just run a script on a site's registration form and test all combinations. You usual get, "that email already exist" or similar message that confirms that its a correct email. More and more site however gets protections for this, a protection would be that if you for example hit 3 mail addresses that already exist, you get blocked from the registration page. Its very easy to test if a site has this protection or not by simply input your email address in registration form a couple of times and see what will happen.

This is how most spam lists are built all over the internet.
 
Its very easy to find out mail-addresses you can just run a script on a site's registration form and test all combinations. You usual get, "that email already exist" or similar message that confirms that its a correct email. More and more site however gets protections for this, a protection would be that if you for example hit 3 mail addresses that already exist, you get blocked from the registration page. Its very easy to test if a site has this protection or not by simply input your email address in registration form a couple of times and see what will happen.

This is how most spam lists are built all over the internet.

I would most certainly hope that a casino site has protection to stop a script such as that to run. In my case though, I could categorically prove my email had been leaked, something that was eventually agreed with by GIG, after they first denied they ever used that mailing list provider!
 
I believe its very few site on the internet that has protection for it, probably only the bigger sites. This dont only concern casino sites, its all sites world wide. Any site you put your information on.

I dont believe this site has a protection for it as an example. Just try. Maybe something for @Casinomeister to look into.
 
I believe its very few site on the internet that has protection for it, probably only the bigger sites. This dont only concern casino sites, its all sites world wide. Any site you put your information on.

I dont believe this site has a protection for it as an example. Just try. Maybe something for @Casinomeister to look into.

ok, I think I misunderstood exactly what you meant when I first read it but do now, and my comments still stand, like you say it isn't hard to implement a fix for this.

Plus, I would imagine, if someone was doing this, it would be unlikely to be personal domain specific, for example, if you had *@mrwild.com as your domain and catch all emails, unless someone already knew you had an account there and was specifically targeting you, I don't think they would run a script on that, much more likely if it was done on something like *@yahoo.com/gamil.com/hotmail.com etc. Even less likely to wield any results if your registration was mrwildvs76@domain.com as no dictionary or name list would pick that up to try :)

Most email lists come from the millions that have been pasted on pastebin or traded on the darkweb, usually coming from breaches, and in casino lists, dodgy staff or affiliate managers. Bit old but this type of list is where most come from
You do not have permission to view link Log in or register now.
which in turn is taken partly from SQL attacks on sites databases.
 
The obvious explanation here (and one I've suspected for a very long time) is that it's simply a low level support person selling these addresses.

Of course Videoslots "don't sell your emails" but I'm pretty damn sure they don't protect them from their support staff either and it would be pretty tempting for them to pimp them out for a few extra bucks.

There was the story that broke recently where a casino made no distinction between their internal (training) support knowledge base articles and the external (end user) documents - well what this meant was that if you searched the support site for 'passwords' you were presented with the support staff's login info so you could log in and do as you pleased with their "secure" data.

So really, you did the right thing using burner accounts but I'm sure this problem is endemic of all casinos and indeed most online companies. It's very expensive to secure your staff.
 
I can confirm OP's suspicions. Everytime I have closed accounts at different casinos, I get a promotion sms from a rogue casino. This confirms that there is an automatic process. I can document this from a technical standpoint and have some insight from anonymous operators how this process works.
If anyone thinks otherwise I suggest they try this for themselves.
 

Users who are viewing this thread

Meister Ratings

Back
Top