In a post earlier this year, we offered you some tips to avoid online gambling scams. We discussed some specific types of scams you might encounter, We then offered some security practices to help you avoid getting taken in by con artists.
One type of scam we mentioned in that post is account takeover. This is when a scammer tricks you into giving them your login credentials for your sports betting account.
Today, we are going to discuss what happens if your sports betting account gets hacked. This is a related topic, so some of the information will overlap, but a lot of it will be new to you.
In this post, you will learn some tricks that hackers use to access sports betting accounts, what they can do when they have access to your account, and what will happen next. We will give you recommendations for steps to take if you do get hacked, as well as tips to prevent getting hacked in the future.
How Hackers Gain Access to Online Sportsbook Accounts
First of all, if your account has been hacked, you are probably dying to know how they did it. And if it hasn’t been hacked, you want to know how you can prevent it. To counter hackers, you need to know how they operate.
Let’s go over some of the most common tactics that hackers use to access online betting accounts.
- Credential Stuffing
Are you one of those people who uses the same password for a bunch of sites? It’s understandable—storing a zillion passwords is not easy, and memorizing them is pretty much impossible. Nonetheless, it is a terrible practice for maintaining account security, as it opens you up to a technique called “credential stuffing.”
Imagine for a moment that you use the same password for your online betting account as you do for some account at an online retailer. Then, that retailer gets hacked, leaking your login for that site.
Let’s say you use that same email address and password to log into your sports betting account and maybe some of your other online accounts as well.
Using credential stuffing, a hacker can input that email and password into numerous websites to see if they work. That might very well include the site where you bet on sports!
Suddenly, your sportsbook account is compromised, and the hacker can log in and out at will. That is not good.
There was actually a news story about this just recently. ESPN writes, “An 18-year-old Wisconsin man has been charged with crimes related to a cyberattack on a fantasy sports and betting site this past fall that impacted approximately 60,000 accounts.”
ESPN adds, “Joseph Garrison of Madison, Wisconsin, was charged with six counts of conspiracy, fraud and identity theft during a credential stuffing attack that began in mid-November. In a credential stuffing attack, the culprits use stolen usernames and passwords that often are obtained on the dark web.”
The criminals managed to steal hundreds of thousands of dollars from the accounts.
Think about this for a moment. 60,000 accounts at a single sportsbook were breached due to a technique that relies on duplicated passwords. Ouch. This is a bad habit that is shared by a lot of people!
Another way to gain access to a sportsbook account is to use a keylogger. This is a type of software that records what a user is typing while they are doing it. It then calls home to tell the person who installed it remotely on a user’s system what they typed.
In short, a keylogger is a type of spyware. If you have one on your computer, you probably have no idea that someone is watching every key you type, including your account logins.
- Phishing Sites
Phishing is a method where a hacker tricks a user by producing something fake and passing it off as legitimate.
One way to do this is to create a website that is meant to appear as close as possible to a legitimate one.
A user who stumbles into this website might not realize that they are not really where they intended to go, and may attempt to log in as they usually do. But when they do, the hacker sees what they type.
So, perhaps you thought you were logging into your sportsbook one day, but you actually typed your password into a phishing site designed to look like your sportsbook.
- Phishing Emails
A variant on the method above is to send out fake emails that purport to be from the recipient’s sportsbook.
A phishing email might say, for example, that your account was hacked and that you need to reset your password.
It would then direct you to a link to do this, but you would really be filling in a form that the hacker can see.
There are a lot of different approaches a hacker can take with phishing, so you will need to be cautious of strange emails.
- Hacked Email Accounts
Another way to hack a sports betting account is to start by hacking the email address that is associated with it.
You know how sometimes, you forget your passwords, so you have a password reset link sent to your inbox? By clicking a link in the email, you can change your password, and then log in.
Hackers can do that exact same thing once they gain access to your inbox. That means they can trick the sportsbook into letting them change the password so they can log in.
- Other Methods
While the techniques above are among the most prevalent ways that sports betting accounts get hacked, hackers may sometimes rely on other methods as well.
Also, once in a while, an actual sportsbook gets hacked. Thankfully, this is pretty rare. Most quality betting sites use strong encryption protocols to keep this from happening. The vast majority of hacks happen when specific customers are targeted, often through their own poor security practices.
What Can a Hacker Do When They Get Access to Your Account?
Let’s say disaster strikes and a hacker has successfully taken over your sports betting account. What can they do with that access?
- Withdraw Your Funds
For starters, the hacker may simply initiate a withdrawal. Of course, they will send the funds in your sportsbook account to their own account instead of yours.
- Deposit Funds And Gamble With Them
A hacker might also decide to deposit money in your account from your e-wallet or bank account. They might then gamble with that money and withdraw any winnings they get to their own account.
- Deposit More Funds And Withdraw Them
Perhaps the worst possibility is that the hacker will use the sportsbook to funnel money from your e-wallet or bank account into theirs.
First, they will use your linked payment method to initiate a large deposit. Then, they will simply withdraw the money immediately to their own account.
That means you can ultimately end up losing all the money in your e-wallet or bank account, even if they never gain direct access to those accounts.
- View Your Personal Details
There may be additional personal data saved to your sports betting account that a hacker could view. They might be able to use this data as part of an identity theft scheme.
- Commit Account Fraud
One more thing that a hacker could feasibly do with access to your account is use it to commit some form of account fraud.
For example, perhaps a hacker gets access to a bunch of sports betting accounts, and uses them to claim the welcome bonus over and over again.
This is one of the least damaging things that a hacker could do with your account, but it could result in problems between you and the sportsbook until you get it sorted.
How Do You Know if a Hacker Has Compromised Your Sports Betting Account?
How do you figure out whether your account has been compromised? There are a number of ways it might come to light.
- You May Be Locked Out
The most obvious way to learn your account was hacked if it you try to log in, only to find out that your account has been locked.
You might even find an email from customer service telling you that the security team has locked your account to prevent further fraud.
- You Might Detect Suspicious Activity
Another possibility is that you log into your account as usual, only to discover signs that someone else has been there.
You might see bets on record that you never placed, for example, or deposits or withdrawals that you never initiated.
- There Could Be Issues With Your IP Address
Sometimes the clue that your account has been compromised could come from your IP address.
You might try to log in, and the sportsbook asks you to verify through your email that you are who you say you are, because someone has been accessing your account from a completely different location.
Upon further investigation, you might discover that person was a hacker. That said, sometimes this scenario might come up for other reasons. It could just be a hiccup with your ISP. Or maybe you are using a VPN. There may not be a hacker at all.
- You May Suspect A Hack If You Know Your Email Was Compromised
Did you recently find out that your email address was compromised? If so, every account that is connected to it could have been hacked as well. That may include your sportsbook account. So, you should check into it.
- Maybe You Think You Were Phished Or Discovered Spyware On Your System
Perhaps recently you received an email supposedly from your sportsbook that you found suspicious. But you decided to reply to it anyway. Or maybe a recent scan of your computer revealed some spyware. Either might give you reason to suspect someone might have accessed your account.
Steps to Take if Your Sports Betting Account Has Been Hacked
What should you do if you do think your account was breached? First of all, try not to panic. You need to take swift action, but freaking out is not going to help!
Next, you can follow the steps we have outlined below. In an account hack scenario, you are going to find yourself facing either of two situations:
- You can access your account, or
- You are locked out of your account
Some steps need to be taken regardless. Others can only be taken if you can get into your account.
If You Can Access Your Sportsbook Account
You might still have access to your sports betting account. This is most likely to occur if the sportsbook is unaware that your account might have been breached, and you alone have the suspicion that it happened.
In such a situation, take the following steps:
- Log In And Change Your Sportsbook Password
Obviously, you do not want the hacker to continue to be able to access your sportsbook account. Changing your password will help you lock them out.
- Set Up 2-Factor Authentication
Does your sportsbook let you use 2-factor authentication to send a text with a code to your phone or email? If so, set it up. Be sure that the hacker cannot receive the call or text with the code. That might mean using a different email account than your normally would, or your phone.
- Check For Unauthorized Withdrawal Requests
If you have not already, visit the banking page in your sportsbook account. Look at the most recent withdrawals. Do you recognize all of them, or are there some that you do not recall scheduling?
Note down any unauthorized withdrawals that have been scheduled and whether or not they have gone through. You will need to report them all to customer service.
- Look For Unauthorized Deposits
After you look at the withdrawals, next, you need to check your deposits. See if the hacker has had any money transferred from your bank account or e-wallet into your sports betting account.
If so, you should again write down the amounts. Unlike withdrawals, which usually take a few hours or days to process, deposits are usually instantaneous. If the money is still in your betting account, you can simply send it back to your bank account or e-wallet (see below).
What if a hacker already withdrew those funds to their own account? Contact your bank or e-wallet to see if there is anything they can do for you. We will talk more about this in a little bit.
- Consider Withdrawing Your Funds.
If there are still funds in your sportsbook account, you might want to take the precaution of immediately withdrawing them. That way, they will be safely back in your bank account or e-wallet where hopefully, the hacker will not be able to get at them.
Double check your withdrawal settings before you go ahead; the hacker may have changed them. It would be terrible to accidentally request a withdrawal to their account.
After you schedule your withdrawal, un-link all of your payment methods. That way, if the hacker somehow gets back into your sports betting account, they cannot simply move the money you withdrew right back into the sportsbook account. You can link your transfer methods up again after you are sure your account is secure.
Take the Following Steps Either Way
Whether you can or cannot access your account, below are some additional critical steps to take immediately to secure your account after a hack. You need to take these steps whether or not you can currently access the account yourself.
- Change Your Email Password
If credential stuffing was the tactic the hacker used to get into your sportsbook account, changing your email password right away is just as important as changing the password to your sportsbook account.
Even if you do not think that your email account has been compromised, we recommend changing your password all the same. It is better to be safe than sorry.
- Change Your Payment Method Passwords
If the hacker only managed to get into your sportsbook account, then your payment methods should be fine. But if they also got into your email account and/or your payment methods have the same password as your sportsbook, they will be able to access those accounts directly.
That means you will need to change the passwords on those accounts right away. You should also set up two-factor authentication for those accounts, let customer service know the accounts were compromised, and ask them what your options are to recover any funds that were stolen.
- Contact The Support Team At The Sportsbook
After you have changed all your passwords and taken immediate steps to protect your money, you will need to talk to customer service at your sportsbook.
Depending on the situation, you will either need to:
- Ask them why they have locked your account, what the status of your account funds are, and how you can have access restored, or
- Report the hack you suspect happened, and ask what steps they can take to cancel unauthorized withdrawal requests and help you secure your account
Note: If you are facing a scenario where you are locked out of your account, it can be a challenge to work through it. In our next section, we will give you some best practices for moving the process forward smoothly and amicably.
- Scan For Viruses
Even if you do not think a virus or spyware was involved in your account hack, it is a good idea to run a scan regardless, just in case.
- Consider Reaching Out To Support For Your Payment Method
Whether or not you think the hacker has compromised your bank account or e-wallet, we suggest you contact customer support for that method to tell them what happened.
They might be able to help you reverse some of the damage already done (like restoring stolen funds). At the very least, you can put them on high alert for unusual account activity.
- Find Out How You Were Compromised
You do not want to go to a lot of trouble to secure your sportsbook account only to find it hacked again in the near future.
To stop it from happening again, you have to understand what went wrong in the first place.
Do your best to piece together the clues provided by the context. Once you identify the weak point in your security practices, you will be able to patch it.
So, for example, if you were hacked because you always use the same passwords, you will know to not do that again.
Or, if you were hacked because you ended up with spyware, you will know you need to be more diligent in blocking threats and scanning your system in the future.
Tips for Working with Your Sportsbook
Account lockouts are among the most frustrating and nerve-racking experiences you can have as a sports bettor. Few things induce panic quite so much as not being able to access your account. Try to remind yourself that the sportsbook took this action to protect you.
Alas, sportsbooks are notoriously hard to work with on resolving hacks and lockouts. Part of the problem is that often, your access to support is reduced by the lockout itself. If you had a direct line to an account manager before, for example, you might not be able to reach that person during the lockout.
So, you may need to contact support via channels you are not used to using, and support may also take a bit longer than you expect to get back to you. Here are a few tips to follow to make this process as smooth and painless as possible.
- Contact The Sportsbook More Than Once If You Have To
Chances are good that you are not going to get this issue resolved with a single email.
Sometimes, support teams seem to need to be contacted multiple times to keep the process moving forward. It should not be this way, of course, but let’s face reality, it happens.
The support team likely will have follow-up questions for you along the way, so, be prepared to reach out every few days if you need to. If possible, try and get someone live at some point on the phone. That may help you to cut out some of the back-and-forth and move the process along faster.
- Provide Screenshots
It can be a big help to send along some screenshots that show exactly what is happening on your end.
If you are locked out, take a screenshot of the lockout message you get, and forward it to the support team.
If you can access your account and you see suspicious activity or unauthorized deposits or withdrawals, capture screenshots and circle the transactions in question.
- Do Not Spam The Support Team
While it is normal to have to talk to support multiple times during the course of this type of investigation, you do not want to drive them crazy.
Opening multiple support tickets, for example, tends to just clutter the works and cause delays.
Pay attention to the turnaround time the site specifies on replies. If it says it may take up to 24 hours to get a response, do not try contacting them again until 24 hours have passed without a reply.
- Be Patient And Polite
There might be times when working through a lockout that are going to try your patience. You may feel tempted to snap at the person you are working with.
That is not the way to get results, however. When you attack another person, all you do is put them on the defensive and then they do not want to help you. At that point, they may drag their feet on purpose.
If you want people to help you, make it plain your situation is urgent, but continue to be kind. However frustrated you feel with a lockout, it is not the support person’s fault that it happened.
- Only Contact A Regulator If Nothing Is Working
If you truly believe that a sportsbook does not have your best interests at heart or is not handling the matter professionally, you do have the option of involving their regulator.
Most sportsbooks that are under regulatory oversight are going to work hard to keep their license, however. That means that they are unlikely to be actively trying to make your life difficult.
Involving a regulator too early in the process will just lead to unnecessary complications for you and the sportsbook. It may also taint your relationship with the sportsbook, so, reaching out to a regulator should be a last resort. Try everything else you can first to resolve the situation.
How to Prevent Getting Hacked While Betting on Sports in the Future
If you have had the unpleasant experience of being hacked while betting on sports, the last thing you are going to want is to go through this nightmare again.
Do sports betting sites themselves ever get targeted by hackers? Yes. But since reputable sites are strongly encrypted, it is hard for hackers to successfully hack them.
It is usually bettors themselves who get targeted individually, because they are the ones who are leaving loopholes in their security practices that are easy to exploit.
What that means is that the surest way to prevent getting hacked while betting on sports online is simply to close your own loopholes. Below are some tips to make this easy.
- Keep All Of Your Passwords Unique
Reading this post, you have learned just how easy it is for hackers to exploit users who use the same passwords for everything.
Always use unique passwords. That way, if hackers break into one of your accounts, they do not necessarily automatically have access to all of the rest. It may also be wise to change your passwords now and again.
- Sign Up For Identity Theft Alerts
Sometimes you can get ahead of hackers. It is common for criminals to sell email addresses and passwords they have discovered on the dark web. But there are identity theft alert services that you can use that will scan the dark web for your info and notify you if anything turns up.
Often, you will find out quickly enough to change your compromised passwords before anyone attempts to actually log into your accounts.
- Use 2-Factor Authentication
2-factor authentication is undeniably annoying; it forces you to take an extra step every time you want to log into an account. On top of that, the texts and calls sometimes are really slow to come through.
But there is also no denying that the extra step does do a lot to bolster your security, especially if you have the texts sent to a phone that only you can access since it is physically in your possession.
So, try and get used to using 2-factor authentication. Not all sportsbooks offer it, but some do. And you should at least be able to set it up for the email address that is associated with your sports betting account.
Remember, if your email gets hacked, your betting account is vulnerable, so protecting your email account is just as critical as protecting your sportsbook account.
- Use A Firewall, Ad Blocking, And Antivirus
To keep yourself safe from spyware and viruses that could compromise your account, you can take the following steps:
- Turn on your firewall
- Install a browser plugin to block ads
- Run antivirus software in real-time
Hopefully you already have your firewall running, but if you do not, you are exposing yourself to numerous threats.
Some ads are malicious in nature, so blocking them may reduce your potential exposure (and also make your entire web experience more pleasant and stress-free).
Windows Defender does a great job, and is included with Windows at no cost. You just need to turn it on.
You should scan your computer on a routine schedule, even if you do not receive any virus warning messages or notice anything suspicious.
- Follow Safe Browsing Habits
The majority of virus issues can be avoided simply by browsing safely:
- Do not visit dodgy sites
- Do not click on weird links
- Do not download strange software
That said, safe browsing is not a substitute for running antivirus software. You will see some people claim otherwise, but they are wrong.
The reason you need antivirus software is because even if you only visit the same few reputable sites each day, it is still possible to get a virus. Sometimes legitimate sites get hacked. Ad networks also are sometimes targeted. It only happens occasionally, but it only takes one virus to cause a ton of trouble!
- Don’t Fall For Phishing
As we discussed, phishing is a common tactic for hackers to use to get into sports betting accounts.
Always make sure you are navigating to the correct URL for your sportsbook. If in doubt, manually type it into your browser.
If you receive a strange email, text or even a phone call that is “from” your sportsbook, do not follow the instructions you receive. Instead, contact your sportsbook. Show them a screenshot of whatever you received, and describe it in detail. Ask if they are the ones who contacted you or not. Not only will they be able to tell you if someone tried to phish you, but they will be able to warn other customers.
- Avoid Betting On Unsecured Networks
When you are betting on sports at home, make sure your network is secured. That simply means setting up a password. By doing so, you lock out random people and ensure that only those you authorize can access your network. This will prevent people from spying on what you are doing through the network, such as typing your password for your sportsbook account.
What about betting on public networks? You do this at your own risk, especially if the network is completely unsecured!
- Be Selective When Choosing Betting Sites
We suggest that as one last precaution, you be mindful of where you are betting on sports in the first place.
Again, hacks of established, encrypted sports betting sites are not common. But low-quality sportsbooks online with poor security are easy to hack, and may leave customers vulnerable.
Another reason to stick with established, trusted sites is that they tend to offer better customer support.
That means that if your account ever does get hacked for any reason, you are more likely to get a swift resolution that helps you protect your account data and funds. If you lose access, it will also be restored more rapidly.
You Can Prevent Most Sports Betting Account Hacks
The thought of someone hacking your sports betting account is scary, but that does not mean you are helpless. In fact, you can prevent the vast and overwhelming majority of possible account breaches simply by following the right practices for security as a sports bettor. If you read this entire post from top to bottom, you have all of the basic knowledge you need to keep your sportsbook account safe and private.
And You May Have Some Interest In These As Well