Keeping Safe in Online Casinos: The Inside Story


Apart from banks, it’s hard to think of another sort of business that needs to be quite as secure as the online casino. The reasons are obvious: the casino can’t afford to risk its profits, or its reputation, and its players need to know that both their money and their data are in the safest of hands.

· Online casinos and players are at risk from a wide range of security threats, including DDoS attacks and phishing scams

· In 2011, hacker Ashley Mitchell stole £7.5 million worth of chips from the American Zynga Corporation

· Cyber-attacks are expected to cost global businesses $2 trillion by 2019

· Software called NORA has been developed to prevent cyber attacks

· Casino players can also avoid being the victim of phishing scams by looking out for common signs



Physical casinos have long been experts in how to stay safe but, unfortunately, online casinos also present an irresistible target for fraudsters and there have been a number of instances where they have succeeded. Unsurprisingly, the casinos are not keen to publicize these when they do occur, but one instance which hit the headlines in 2011 involved a habitual online poker player and IT expert who managed to steal the equivalent of £7.5 million worth of chips from the American Zynga Corporation. Thankfully, there have been increased efforts to improve casino security since then.

Hacker Ashley Mitchell managed to break into Zynga’s website by posing as a web administrator. He was then able to transfer 400 billion gaming chips into a number of Facebook accounts. The chips would have been worth $12 million if Zynga had issued them legitimately. Mitchell was sentenced to two years in jail.

While cheating at the games themselves is arguably much harder in an online casino than it would be in a physical one, where players could physically interfere with the play, there are two main ways for hackers and other fraudsters to launch an assault.


Foiling attacks





The first is by attempting to paralyze a casino’s operation by a DDoS attack, which is where hackers overwhelm an organization’s servers with useless data and repeated load requests, preventing useful data from getting through. The second is to hack into the database to obtain players’ personal information and to use this for fraudulent ends.

In the case of a DDoS attack, the aim is to overwhelm the casino’s website through sheer weight of traffic, leaving it exposed and powerless to react. A good example of this was the attack that took place in October 2016, which crippled major sites like Twitter, Amazon and Spotify for a few hours. It was said that the attacks were “well-planned and executed, coming from tens of millions of IP addresses at the same time”.

These events can be orchestrated using so-called bots, which are remotely controlled computers programmed to act simultaneously. Fortunately, technology known as network and host-based mitigation is being developed which can help to sift through computers logging on to the site and filter out ones with malicious intent.



Casinos can take the following steps to protect themselves from DDoS attacks:

· Invest in the right technology, expertise and training to be able to identify such an attack

· Develop an incident response program and mitigation plan

· Work with their ISP to get alerts when a DDoS attack is suspected

· Understand the source of threats and attacks

· Consider using tools such as load balancers, to balance traffic across multiple servers


Spotting the dangers


Cyber crime in general is projected to increase exponentially over the next few years to cost businesses across the world over $2 trillion a year by 2019. In the UK, there were an estimated 3.6 million cases of fraud and two million computer misuse offences in 2017, according to the Office for National Statistics. Separate figures recorded by the police showed an 8% rise in offences overall.

A key piece of software developed to identify potential future threats from individuals such as Ashley Mitchell is called Non Obvious Relationship Awareness, or NORA for short. It uses stored data to quickly identify links between players and even casino employees, and flags them up long before any issues occur.


Keeping player data safe




Players should also be wary of cyber attacks. When it comes to the illicit mining of players’ data from an online casino, there are a number of techniques typically used by the fraudsters. The most obvious of these is phishing. This typically involves sending bogus emails which then either request the player’s login information or direct them to a bogus, but very realistic, website where their information is mined. This can also lead to trojans infecting the player’s device which can record and transmit every keystroke.

If this sounds scary, it is – but there are a number of steps you can take to stay safe when you play online. The first is to be very suspicious of unsolicited emails asking for personal details and to play only on sites which use SSL encryption. These will display a small padlock in the address line of your browser and the URL will have a prefix of “https”, which ensures that all personal information is encrypted so as to be virtually indecipherable. For example, a site boasting 128 bit encryption would have 340 trillion trillion trillion possible combinations to work through before cracking it.

Although there are undoubted threats, you can rest assured that all the measures necessary are being taken to minimize them, and some are also being adopted in other spheres. For example, NORA is now even used by Homeland Security in the US. So with this level of security and a little common sense it’s easy to stay safe when you play online and keep well out of the fraudsters’ reach.


How to spot a phishing scam




Here’s what to look out for if you suspect you’re being targeted in an online casino phishing scam.

1. An email that doesn’t use your username or real name – addressing you as ‘Dear Customer’ or ‘Dear Player’

2. Misspellings or grammatical errors – poor English is a hallmark of online phishing scams

3. Promises that are too good to be true – such as promises to win $20,000 in free spins, or free to play money

4. Alarming language – saying your account has been locked, or you must upgrade to access your funds

5. Requests for excessive information – like your driver’s license or credit card security code

6. Addresses that don’t match links – if you hover your cursor over the link, it should read the same as the face text of the link

7. Shortened URLs – while these are the norm on social media, they should not appear within emails

8. Attachments – online casinos will rarely send you attachments, so never open one from a suspect sender
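
As an added illustration (not part of the original article), the Python below checks a raw email for signs 1, 4, 6, 7 and 8 from the list above. The shortener list, the wording patterns and the `example.*` domains are assumptions made for the example.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed word lists and patterns for illustration; they are not from the article.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
TEXT_SIGNS = {"generic-greeting": re.compile(r"\bdear (customer|player)\b", re.I),
              "alarming-language": re.compile(r"account (has been|is) locked|must upgrade", re.I)}
SHOWN_HOST = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def phishing_signs(raw_email):
    """Return the sorted warning signs found in one raw email message."""
    signs, body = set(), ""
    for part in message_from_string(raw_email).walk():
        if part.get_filename():
            signs.add("attachment")                      # sign 8
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    signs |= {name for name, rx in TEXT_SIGNS.items() if rx.search(body)}  # signs 1, 4
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if host in SHORTENERS:
            signs.add("shortened-url")                   # sign 7
        shown = SHOWN_HOST.search(text)
        if shown and shown.group(1).lower() != host:     # strict match, as the list advises
            signs.add("link-mismatch")                   # sign 6
    return sorted(signs)

# Constructed sample message; the example.* domains are placeholders.
SAMPLE = ("Content-Type: text/html\n\n<p>Dear Player, your account has been locked.</p>"
          '<a href="http://login.example.net/">www.casino.example.com</a>')
```

Calling `phishing_signs(SAMPLE)` reports the generic greeting, the alarming language and the link whose visible address differs from its real destination.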


