Bookmakers hacked

[loncell]

A friend of mine has recently had a few of his bookies online accounts comprised.
Someone got in and loaded up his accounts ranging from £175 to £1000, and placed bets these bets lost.


He contacted all the bookies 3 in total, one major bookie paid him back pretty sharp the other two aren't playing ball.
One has informed his bank that they reckon it was him who did it and the bank have refused to refund.

All the bookies accounts are accessed 95% of the time via his phone and the bookies app.

All passwords are different and to load up the bookies accounts with money you have to type in the 3 digit card number to upload money

I got him to check his Google account none have been logged into via unknowns and virus scans on his phone with numerous apps all say clean.

He's now at a stage were one major bookie has shut the door on him saying guilty which inturn has the bank saying the same.

Now the bits I don't understand is,

How have they got into multiple bookies accounts ?, and what were they trying to achieve??.

The thing I don't get is, you can only withdraw the funds to the card you loaded the account up with so had the bets won (none did) the funds would have gone back to him.

Now I started to question whether he's coming clean but I know the guy since my teens and to be honest I'd say due to knowing him so well it's not him.

He's a £5-£10 bet at the football normally on the usual accy on a Saturday and normally the impossible bet.
He doesn't bet on anything else just football plus the odd tip on the nags you get off a m8 when out.

The only thing I can think of is (which I've warned all of them), logging onto WiFi's when out say on a train or airports especially with the remote access points hack on the rise.

I keep warning my m8's to get Surfshark or Nord but they don't listen.
Any thoughts on this as all his debit and credit card has been stopped and he's having to clear his name.

Any thoughts guys?
In one hand I think he's been hacked but on the other I can't figure out how they were ever going to benefit if the money could only go back to the same account

I said was you on the apps when these frauds took place? he said no

 

[loncell]

One other thing,
The bank in question at first said the money was uploaded using a computer but they've since back tracked on that and are now saying it was uploaded on another device but not saying what whether IOS or Android

 

[thebesh]

If this is all genuine, then I would be contacting the police to have a crime reference number. Seems like he's already contacted his bank. If he's reluctant to go to the police to report it then I would start to get suspicious. I don't see a reason to not report this to police, unless the story you've been told isn't 100%.

Cyber criminals are sophisticated, but to make a deposit on gambling site before placing a bet would require confirmation of the C2V on the bank card. Would be interesting to check the date/times these transactions. Where was your mate when these transactions were placed? Perhaps there is CCTV footage of your friend at the day/time the transaction was placed and it may prove that they were not on their phone (or able to place the bet).

If it's legit fraud and they are looking for compensation, get police involved.

 

[manic01]

Don't the transfers need authorization using the banking app ?

 

[jigger121]

Every betting site needs location permissions to see if you are in a country that permits gambling. Get him to ask them for the ip logs and it should help his case. Personally I dont think it would be caus3d through open WiFi as you said they would need his 3 digit code and his logins to the app, which im assuming he probably uses his fingerprint and facial recognition too?

My guess would be if they said it came from his phone I would be looking to see if he has any malware, because if they know his 3 digit number and they know if they won its going back to that card, they definitely will have access to either his bank account or paypal/Google pay where they can then buy bitcoin or gift cards etc to change the money into untraceable amounts
Either way put a block on the card and change all passwords and get a vpn/ malqare protection

Unless its him and afraid of the missus finding out 🤣

 

[loncell]

Don't the transfers need authorization using the banking app ?

You add your card then amount then 3 digit number
But you can only withdraw back to the same account you loaded up from.

He's triple checked his phone for malware, It just doesn't add up, it doesn't make sense. As for crime number I'll find out more as his head's battered.
I said this about the IP logs the bookies will have the logs and if it's his IP ? well he won't have a leg to stand on.
I asked him were was you when the frauds took place ? he said at home, as for times I don't know but I'll find out more over the weekend.
On one hand it looks suss, but on the other hand he's not a bullshitter or a liar it's just not him. Tbh he's a bit of a tight wad so him trying to put £1000 on the claim it was a hack I don't know.
Plus, 1 of the 3 bookies paid straight out so they must know of a hit that particular day.

 

[loncell]

He's messaged me I didn't see it,
Skybet was one of them along with Bet365 and Paddy Power
Skybet was 100% logged off at the time and they refunded £178 straight away. I think the other two hadn't been signed out but surely the bookie will see activity

I think it's Paddy Power that he can still access the account but he has no working bank cards but Bet365 are the ones been coonts, they've basically blocked his login.
And he said there's been a data breach
Personal information belonging to customers of Paddy Power and Betfair compromised in data breach

Paddy Power I'm sure was one of them

 

[userlee5267]

I had this last weekend three of my betting apps alerted me to suspicious log ins. Luckily nowt spent and passwords changed

Three accounts were sky bet, coral and coral games

All of which I haven’t used for ages and ages

Seemed odd I thought because like what’s been said all winnings would come back to me

 

[ianw314]

I read this on another forum posted today, Betfair is the bookie.

We are writing to inform you of a data incident on our Betfair platform. The nature of this incident means that regrettably some of your personal information has been impacted. Importantly, this does not include passwords, ID documents or any usable card or payment details. However, we want to be transparent with you and are therefore making you aware of the incident and the measures we have taken. You do not need to do anything, however we recommend you remain vigilant. We have provided a link below to general tips about online safety for your information.

What happened?

We recently detected that an unauthorised third party had gained access to limited betting account information related to some of our customers.

Immediately upon becoming aware of this incident, we initiated a full investigation, supported by leading IT security experts, to terminate the unauthorised access, fully contain the threat and protect our networks and our customers. We have informed relevant regulators and authorities and will continue to engage with them as required.

Once the unauthorised access was removed and the incident fully contained, we immediately launched a full evaluation of the affected information, with our teams working to understand what customer information may have been involved.

Based on our evaluation of the information involved, we concluded that the personal information affected is limited to basic betting account details, such as your username and email address, and some contact information, including your name and the first line of your address and city. It also includes details of some recent activity on your account and technical data like your device ID and IP address. Importantly, this does not include passwords, ID documents or any usable card or payment details

 

[1Yardboy]

So easy to lose money and so difficult to get the refunds back. Not fair.

 

[loncell]

I had this last weekend three of my betting apps alerted me to suspicious log ins. Luckily nowt spent and passwords changed

Three accounts were sky bet, coral and coral games

All of which I haven’t used for ages and ages

Seemed odd I thought because like what’s been said all winnings would come back to me

Exactly you can only withdraw to the account you paid it from that's unless that person used PayPal and the PayPal has the same password login but that's a big shot.

The problem my m8 has is, his bank believe the bookie so his Nationwide accounts debit credit have both been frozen.
We're talking wages mortgage council tax utilities you name it the list is endless.

I told him, contact his ISP and get a log of all his activity from home at the time the frauds took place then try to marry these up with Infront (if poss) the bookie.
If this don't work
Gambling commission and the IBAS

He needs proof to take to the bank to prove his innocence. I was talking to a young lad who was playing blackjack on a bookie (I think he said Bet365)
He was £7000 up when a huge pop up appeared
Your account has been suspended and all funds on hold due to suspicious activity

They basically tried to accuse him of using someone else's funds, cheating etc anything they could think of.
It took him 4 months to get paid out.
Bookies disgust me they are poison

 

[ianw314]

Exactly you can only withdraw to the account you paid it from that's unless that person used PayPal and the PayPal has the same password login but that's a big shot.

The problem my m8 has is, his bank believe the bookie so his Nationwide accounts debit credit have both been frozen.
We're talking wages mortgage council tax utilities you name it the list is endless.

I told him, contact his ISP and get a log of all his activity from home at the time the frauds took place then try to marry these up with Infront (if poss) the bookie.
If this don't work
Gambling commission and the IBAS

He needs proof to take to the bank to prove his innocence. I was talking to a young lad who was playing blackjack on a bookie (I think he said Bet365)
He was £7000 up when a huge pop up appeared
Your account has been suspended and all funds on hold due to suspicious activity

They basically tried to accuse him of using someone else's funds, cheating etc anything they could think of.
It took him 4 months to get paid out.
Bookies disgust me they are poison

Bookies are your best friend ...... until you win!!

 

[regy101]

In March I had an issue with Bet365. I had approx £1200 in the account from winnings i just kept in the account. I went in on a Saturday to place a bet and noticed my balance was £0. When I spoke to Bet365 they were very helpful and they blocked my account, set a new account up for me and refunded my full credit. The only information i could get from them was that whoever hacked into my account had transferred my money into Gaming and then withdrew to Apple Pay. I dont use Apple Pay at all but they refunded me the credit immediately. I couldnt get any further information from Bet365 but they did tell me to change my email password as well.

 

[userlee5267]

Exactly you can only withdraw to the account you paid it from that's unless that person used PayPal and the PayPal has the same password login but that's a big shot.

The problem my m8 has is, his bank believe the bookie so his Nationwide accounts debit credit have both been frozen.
We're talking wages mortgage council tax utilities you name it the list is endless.

I told him, contact his ISP and get a log of all his activity from home at the time the frauds took place then try to marry these up with Infront (if poss) the bookie.
If this don't work
Gambling commission and the IBAS

He needs proof to take to the bank to prove his innocence. I was talking to a young lad who was playing blackjack on a bookie (I think he said Bet365)
He was £7000 up when a huge pop up appeared
Your account has been suspended and all funds on hold due to suspicious activity

They basically tried to accuse him of using someone else's funds, cheating etc anything they could think of.
It took him 4 months to get paid out.
Bookies disgust me they are poison

Had this with a big win on the slot machines the thing was going crazy it got to over £100 and the game crashed.

When I logged back in no win. Went on live chat and they said it never happened as it shows on there system if it glitched out

Probably because I was using a free spin

 

[loncell]

My friend spoke with Bet365 who have now reviewed his situation and they have decided it wasn't him and someone got into his account so they reimbursed him. I'm not sure of the exact amount but it's up near a £1000.

The problem he now has who sent him this message:-

"The reason we've decided to close your account(s) is that, upon reviewing a recent fraud claim, we believe you or the joint account holder have falsely claimed that transactions were unauthorised. Your account(s) will be closed immediately. Any other savings or current account(s) held will be closed in 90 days."

I told him he needs a letter from Bet365 confirming it wasn't him and make an appointment with the bank.
Then he needs a written 2 appologies from both the bank and the bookie and to check his Experian incase this has left a ah*stain against him and his missus

 

[thebesh]

On the back of this I'd like to stress the importance of 2 factor authentication on apps/accounts that are important to you. Your main email account should be a priority. Make sure you use strong and unique passwords on EVERY site/account. How do I remember all these complex passwords? A solid password manager = Best Password Manager for Business, Enterprise & Personal | Bitwarden - mobile and desktop app and it's free and opensource (making it more secure)

Create a strong and secure password (minimum 16 characters with uppercase, lowercase and special characters) and use this password ONLY to secure your password manager, This is the only password you need to remember. Also remember to add 2 factor authentication to your password manager as well (belt and braces).

 

[G_1981]

On the back of this I'd like to stress the importance of 2 factor authentication on apps/accounts that are important to you. Your main email account should be a priority. Make sure you use strong and unique passwords on EVERY site/account. How do I remember all these complex passwords? A solid password manager = Best Password Manager for Business, Enterprise & Personal | Bitwarden - mobile and desktop app and it's free and opensource (making it more secure)

Create a strong and secure password (minimum 16 characters with uppercase, lowercase and special characters) and use this password ONLY to secure your password manager, This is the only password you need to remember. Also remember to add 2 factor authentication to your password manager as well (belt and braces).

Exactly this. You have to have it turned on. I only use exchanges and it's a perfect solution especially in these days where you need a hefty bank in case you get stuck in the loop of affordability checks via depositing!

Did the OP get his mate sorted? Sounds like a sob story to cover degencery happens all the time