WARNING - Betfair account hacked / fraud

News, chat and debate about the Betfair betting exchange.
morante1
Posts: 7
Joined: Tue Jan 26, 2010 6:59 am

Not sure that taking money out of your account after each session as someone suggested is workable. In Australia it takes a few days for the funds to hit the account if you use Bpay. If you use a credit card it may be faster but BF charge you 1.5% of each transaction. One thought I had was to tie up the money overnight, i.e. laying or backing something at ridiculous odds to the value of your account. The risk is that someone may accept the bet overnight, but if the odds are stupid then it's probably not a problem as you should be able to lay off. Anyone see a problem with this strategy?
LeTiss
Posts: 5386
Joined: Fri May 08, 2009 6:04 pm

Funny you should say that Morante, but that's exactly what I did last night.

I've become a bit paranoid about this, so last night I spread money across various selections at ridiculous odds. If some of it gets matched, then even better.

I'm not sure if these fraudsters though will be stopped in their tracks by this. There's a default message from BF about having unmatched bets when logging out, so once they are into your account they could easily cancel them I suppose.
Zenyatta
Posts: 1143
Joined: Thu Mar 11, 2010 4:17 pm

Do you have any idea how they were getting into your Betfair account? Was the problem at Betfair's end, or do you think malware installed on your own computer had captured your passwords?

Just last week my security software caught someone rummaging around on my computer. I traced the problem, and it turns out the hacker got in via security holes (exploits) in the older versions of the Java runtime environment. You need to make sure that you always get the latest patches and updates for installed applications. In real-time, I saw that the hacker had access to my computer and was installing password capture bots, worms and other nasties. My security software was constantly removing the malware, but the hacker was somehow still getting back in. Sometimes malware is so well hidden it can't be removed. I had no choice but to reformat my entire hard disk from back-up. Since I installed the latest version of the Java runtime environment (ver 6.29 with security patches), the hacker hasn't been able to get back in.
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

morante1 wrote: One thought I had was to tie up the money overnight ie laying or backing something at ridiculous odds to the value of your account.
It can't hurt, but if someone is clever enough to hack into your account, they'll probably be able to work out how to cancel your unmatched bets...

Jeff
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

I asked Betfair if it was possible for customers to only allow connections from particular IP addresses (another simple, low cost security measure, you might think).

Their reply was about as useful as a chocolate fireguard:

Unfortunately we do not have an IP blocking facility I'm afraid, you can however check your last 10 login attempts through the 'My Account' section by selecting 'My Security'.

We ask that you have a strong password and strong security questions to prevent fraudulent access to your account, as well as investing in good Anti Virus software to protect your information.


Gee thanks guys - That would never have occurred to me...

Jeff
LeTiss
Posts: 5386
Joined: Fri May 08, 2009 6:04 pm

In other words.......If we don't take your money, then somebody else will

I'm a broken record, I realise that, but BF are not going to change their stance unless the media start taking an interest
Zenyatta
Posts: 1143
Joined: Thu Mar 11, 2010 4:17 pm

I suppose at the end of each session you could transfer your funds to your Australian wallet. No-one can withdraw it without first transferring it back to the main wallet, so storing it in the Australian wallet at least offers some (slight?) extra protection.
Zenyatta
Posts: 1143
Joined: Thu Mar 11, 2010 4:17 pm

Euler wrote: All the cases I have seen so far seem odd in that the account holders seem to have taken all normal security precautions. So how can somebody log on with one attempt and clean out the accounts?!?!?!
Sounds like the problem is at Betfair's end and there is some kind of exploit (trick) hackers can use to get into people's accounts without the passwords I'm afraid.

As the exploit becomes more widely known, more and more people will start getting cleaned out until Betfair fix the problem.

Until Betfair do something about it, the only defense is to constantly recycle the bank by withdrawing and redepositing every day from now on ...what a pain!

It's amazing the ever increasing number of new ways for people to lose their money betting have come to light since I started reading the forums. Really makes you wonder whether it's all worth it.
pdupre1961
Posts: 410
Joined: Fri Feb 18, 2011 8:01 pm
Location: Morden, London

LeTiss 4pm wrote: I contacted BF regarding my rogue IP addresses, and they were surprisingly helpful and quick with responding.
LeTiss what phone number did you call, as I have just found a rogue IP address login at 16:25 yesterday.

Paul
LeTiss
Posts: 5386
Joined: Fri May 08, 2009 6:04 pm

Initially, I sent an email to the helpdesk and they put me through to security

I've got the direct dial number of BF's security team somewhere, I'll dig it out and post it
Euler
Posts: 24816
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ

So, what do we propose to Betfair?

Automated timeout if lack of activity?
Restricted IP range?
Mandatory password changes?
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

I'd throw everything at them.

But I'd start by asking them for their ideas. If they think they've come up with a solution themselves, they're more likely to adopt it! :lol:

When they suggest a restricted IP range, you could say, without a hint of irony, 'Brilliant idea! I never thought of that!'.

Flattery is like sunshine to some people! ;)

Jeff
Euler wrote: So, what do we propose to Betfair?

Automated timeout if lack of activity?
Restricted IP range?
Mandatory password changes?
andyfuller
Posts: 4619
Joined: Wed Mar 25, 2009 12:23 pm

Drop down windows from which you select letters which are randomly placed on the list, so it doesn't go:

A
B
C

rather

G
U
Z

Then ask for say 3 random letters from your PW.
andyfuller
Posts: 4619
Joined: Wed Mar 25, 2009 12:23 pm

Can't say I would be a fan of any of Peter's ideas. I like to log in and stay logged in on my laptop while trading but rarely touch it until I log out at the end of the day. If I needed to get on quick if say my power failed I may have to waste time logging in again.

Also when I go away I often log in but I wouldn't know the IP address in advance so could end up blocked out. Or if in an emergency you need to do as Peter said on the blog and nip to a coffee shop you may find yourself unable to log in.

Also I have that many different passwords I don't fancy being forced into changing them as I would get myself in a right muddle.
andyfuller
Posts: 4619
Joined: Wed Mar 25, 2009 12:23 pm

One way I believe to avoid key loggers is to use the onscreen keyboard to log in and then you are just pressing the mouse button rather than a specific key on your keyboard.