WARNING - Betfair account hacked / fraud

News, chat and debate about the Betfair betting exchange.
Post Reply
User avatar
to75ne
Posts: 2415
Joined: Wed Apr 22, 2009 5:37 pm

LeTiss 4pm wrote:I contacted BF regarding my rogue IP addresses, and they were surprisingly helpful and quick with responding.

With regards to your account though, I'm astonished that BF's security department are not concerned about somebody in Lithuania trying to access your account.
so was i, and quite angry about it. betfair refunded, its a loss they suffered, so i am hoping that behind the scenes they colate all such info, and try and catch these people or pass it on to the relevant authority. the fella that i spoke too probably not in his remit to know too much about these things, and just trying his best i assume.

jeff, i dont think these hacker types give a flying feck about a phone call from one of their civil servants somehow. for that matter i doubt if a lithuanian civil servant would be concerned to much about my betfair account considering the way their economey is going, i assume its going down the pan like everyone else. :)
Top
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

to75ne wrote: jeff, i dont think these hacker types give a flying feck about a phone call from one of their civil servants somehow.
True, but they might get worried if the local police turn up on the door. I wasn't suggesting that you get an embassy diplomat to reason with them! :)

I suspect that the authorities in Lithuania aren't as obsessed about human rights as we are in the UK!

Anyway, it can't hurt (although really your local constabulary should be taking the matter up with Interpol or the Lithuanian authorities, and I'd be inclined to make a complaint about their failure to do so, if I were you).

Jeff
Top
User avatar
to75ne
Posts: 2415
Joined: Wed Apr 22, 2009 5:37 pm

the person at the part time police station is not a proper copper. and as i have been refunded, they did not seem to understand that it is still theft, and i dont like anyone stealing from me irrospective of whether i am out of pocket or betfair is out of pocket. theft is theft. someone dipped my account.

i signed a statement and was given a crime number, and i will be surprised if i hear anything else about it.
Top
andyfuller
Posts: 4619
Joined: Wed Mar 25, 2009 12:23 pm

I agree BF need to upgrade their security and think this issue has been raised in several Q&A sessions. But before we go slagging them off to much, are they any worse than the other bookmakers?

Also you can see why the criminals try their hand at this kind of stuff. Check out this story:

http://www.bbc.co.uk/news/technology-14989264
Top
User avatar
Euler
Posts: 24804
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ

Just had somebody in touch today who has lost £6.5k from their account in similar circumstances. Basically the fraudster emptied their account. Time for Betfair to beef up security I think. I'll keep in touch with them to see what happens but it's with the Betfair fraud team at the moment.
Top
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

There must be some low-cost security measures Betfair could introduce.

For example, they could make it so customers had to enter a pin if they wanted to make a withdrawl. If they wanted a new pin, they'd have to click a link in an email. That way, a frauster would need to have access to someone's email account and their Betfair account to steal money from them.

Jeff
Top
User avatar
Euler
Posts: 24804
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ

Given the security breach they had themselves, I think they need a challenge response system when you log on or something.
Top
User avatar
LeTiss
Posts: 5386
Joined: Fri May 08, 2009 6:04 pm

I'm getting paranoid about these stories

I'd be interested to know if these victims had anything in common, like transferring money between wallets etc.

I also agree that other bookies have problems. 3 years ago, I opened an account with Expekt.com, in order to take advantage of a massive arb. I needed to email or fax a copy of my debit card (supposedly for security reasons!), which I did. 2 days later, some bastard in London spent £900 on my card. My bank returned the money thankfully, however Expekt totally ignored my complaints. It just seemed a huge coincidence if it wasn't a problem with their website security.
Top
andyfuller
Posts: 4619
Joined: Wed Mar 25, 2009 12:23 pm

This issue has been rumbling for a few years now and nothing seems to have been done about it.

I think any measures would need to be done on the log in side as opposed to withdrawals as once you have access you can soon filter the money out without doing a withdrawal on the account.
Top
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

How can you take money out without withdrawing it?

Maybe they should have a pin system that applies to transfers as well as withdrawls.

Another low cost security measure would be to do what some banks do, and rather than ask you for your password, ask you for (say) the 3rd, 5th and 1st characters in your password (changing what they ask for each time), as that would make things harder for key loggers.

Jeff
andyfuller wrote: I think any measures would need to be done on the log in side as opposed to withdrawals as once you have access you can soon filter the money out without doing a withdrawal on the account.
Top
andyfuller
Posts: 4619
Joined: Wed Mar 25, 2009 12:23 pm

Back with one account lay with the other. Money goes to dodgy account they then withdraw it using their own details into their own bank account.

They should use drop down menus for the idea you put forward as well so it is a mouse click rather than you still pressing a key.
Top
User avatar
Euler
Posts: 24804
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ

Given the data theft that occured, I think it's time for Betfair to beef up security.

These cases seem to be occuring with more frequency. I wonder whether if there could be a system issue?
Top
User avatar
to75ne
Posts: 2415
Joined: Wed Apr 22, 2009 5:37 pm

Im pessimistic about the trader getting his 6 ½ k back.
I was reimbursed 30 odd quid, and betfair only refunded me because it was a small amount relative to what I trade with, and my history/behavior showed that after a trading session I always empty it and just leave in 20 to 50 pounds. Plus my thief used it up on £3ish pound bets in the casino, again my history showed that I had never previously placed a bet in the casino or exchange games.


I hope he/she gets their money refunded but betfair were quite adamant they my refund would be a one off. If it happened again irrespective of what amount was left in the account, what ip address/addresses it was accessed from, they would deem it to be my responsibility/fault.
Top
User avatar
Euler
Posts: 24804
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ

I'm familiar with the detail of this case and it is clearly outright fraud, so I will be really interested in Betfair's response. I'll update people as it unfolds.

If the response is not positive then I think the time will have come to campaign for much better security at Betfair, especially in light of the huge security breach; which Betfair have never fully explained or apoligised for.
Top
User avatar
Dabbla
Posts: 664
Joined: Wed Apr 15, 2009 1:50 pm

chatty gambler has started a Petition for a Betfair Security Token on the BF forum.
http://community.betfair.com/general_be ... -is-needed

You never know they might listen.
Top
Post Reply

Return to “Betfair exchange”