With the holiday season approaching, players are being warned to be on their guard against new phishing email scams designed to give you a miserable Christmas.
Phishing emails are specifically designed to trigger an emotion that gets you to interact with the email – usually click on a link or open an attachment. When you interact with a phishing email, there can be a number of consequences from malware being downloaded onto your device, to your log in credentials being exposed, to crypto mining software being installed onto your PC.
Often, you will not realize you are the victim of a phishing scam until much later (unless your device has been encrypted with ransomware). It can be hours, days, or weeks until you realize you have been scammed; by which time it could be too late to recover any money stolen from your online poker account if your funds have been chip-dumped to another player who is part of the scam.
The Poker Phishing Email Scam of 2017
In March 2017, players at sites on the Winning Poker Network were warned against opening a phishing email that looked as if it had been sent from the Network. The email invited players to review details of a recent deposit transaction by clicking on a link. The link actually disguised a script within a .rar file that would have downloaded malware onto their devices.
Fortunately the email was naive in construction and quickly identified as a phishing email. I didn´t hear of anybody´s devices being infected due to clicking on the link and, because of the quick response when the scam was identified, the Network´s database was quickly alerted to the threat. Nonetheless, the consequences could have been far worse had the email been better designed.
The Changing Face of Phishing Scams
The March 2017 poker phishing email scam was typical of phishing emails being sent at the time inasmuch as it played on recipients´ emotions of greed, curiosity, and fear to get them to interact with the email. However, a new breed of phishing email scams has been identified that doesn´t necessarily rely on traditional emotional triggers in order to be effective.
This breed of phishing email scams comes in the form of either a Holiday eCard, a satisfaction survey, or details of a new rewards program. Recipients are asked to click on a link to view the eCard, survey, or program, at which point a malware download starts. Alternatively, if players are asked to log into their accounts via a link, they will be redirected to a fake website which will record their log in credentials.
The Leading Motivators of Successful Phishing Campaigns
According to the anti-phishing software vendor – Cofense – entertainment (19.5%), social interaction (16%), and reward/recognition (13.8%) are now the three leading motivators of successful phishing campaigns. The previous leading motivators (greed, curiosity, and fear) now account for just 30% of successful phishing campaigns combined due to people getting smarter about online security.
Therefore, if you receive an email purporting to be from your online poker site – even if it is just wishing you a Merry Christmas – treat it with suspicion. Unless you are absolutely certain it presents no level of threat, forward it to the poker site´s Support Team to check whether or not it is genuine and wait for their response. You could be saving yourself a very miserable Christmas!