Gambling no longer takes place only among the glittering lights of Las Vegas or in dingy betting shops smelling of stale beer and disappointment. There are now thousands of websites devoted to the pastime, meaning that you don't even have to open your front door to experience the thrill of the big win.
But just like in the real-world, side-by-side with legitimate online gambling businesses there exist scammers who prey on unsuspecting gamblers, using spam mailings to reach their potential targets.
Sadly, this type of fraud is rife and the culprits generally go unpunished, so you might wonder why gamblers from all over the world take the risk of readily flocking to the Internet to gamble. One reason - as with any online activity - is convenience. You can play from anywhere, at any time. However, legislation also plays an important role when it comes to online casinos. In many countries gambling establishments are either illegal or can only operate within designated gambling zones. Online gambling resources offer an alternative to people who are either unwilling or unable to travel to a different country or region to gamble. While gambling web sites are predominantly hosted in countries where the gambling business is legal, online casino sites are typically available to people anywhere in the world. This suits the fraudsters: the victims of a phoney casino will find it difficult to pursue the owners of a web site that is registered in a different part of the world and may already have disappeared from the Internet by the time they realise that they have been scammed.
The spam mailings used to advertise online casinos are very simple and often seem genuine: they generally include short messages, a link to just one web resource (the advertised casino site), and promises of huge wins and bonuses. The sites themselves are very glitzy - designed to attract the attention of those who respond to a spam mailing and those who arrived at the site when casually surfing the web.
In order to gain access to the advertised treasures, the victim is required to download gambling software. No matter where the new arrival clicks on the page, they are prompted to download and launch an executable file. Once the victim has readied their computer for their flirt with Fortune, one of the following two scenarios unfolds - both profitable for the cybercriminals.
In the first scenario, the victim is prompted to play the first game free - and they win no matter what. Naturally, this comes as a pleasant surprise for the gambler and encourages them to continue playing. However, before they can start a second game they are forced to register at the casino site and pay an up-front subscription fee. The second scenario is more straightforward. A large sum of money is credited to the victim's account immediately after they register and pay the subscription fee. However, no one is ever able to take this money out of the casino. Nor are they able to get their hands on the money won 'completely randomly' in the initial free game in the first scenario.
They are both elaborate ploys to show how easy it is to win and to entice people with the lure of easy money. The gambling site disappears after a short while and the scammers walk off with the subscription fee paid by the victim, together with their 'winnings'.
With online gambling becoming ever more popular, stumbling upon a fake site is not as uncommon as you might think. To avoid falling victim to this type of scam, apply the following tips:
- Protect your computer, tablet or smartphone with Internet security software; and apply security updates as soon as they are available.
- Treat all unsolicited e-mails with caution: don't click on links or open attachments in emails you weren't expecting or are not sure about.
- Don't click on popups that contain offers that seem too good to be true - if they look too good to be true, they probably are!
- Place bets only on reputable web sites - check the Internet for reviews of the site. Type in the URL yourself, rather than responding to a link in an e-mail message.
- Make sure it's a secure site - look for the 'https' at the start of the address ('s' for secure) and check the validity of the security certificate.