Caution, phishing: how scammers steal personal data

What phishing is and how poker players can protect themselves from it. How to identify a scam email and shield your data from it.

Phishing is the most popular type of cyber scam in the world. According to AAG IT Services, as of the end of 2023, approximately 3.4 billion phishing messages were sent worldwide every day.

To prevent our readers from becoming victims of such scams, we have gathered all the important information about phishing and protective measures in this article.

What is phishing?

Phishing (a homophone of the word “fishing”) is a specific term for spam messages sent via email or messenger apps. Unlike regular emails from Nigerian princes, their goal is to obtain a person’s personal data. Messages are divided into three main types:

  1. Containing a malicious link that, when clicked, downloads malware, a program, or some other file. These can be fake programs capable of extracting information from a person’s device, as well as files of any format that carry a virus.
  2. Containing a link to a fake version of a real website, from where information is then stolen.
  3. Containing a direct request for personal data. Usually, the email mimics an official newsletter from a website or application that the person is already a client of.

Worldwide, the main sources of phishing are email and messenger app mailings sent in the name of well-known websites. The three most commonly impersonated types are:

  1. Job search sites like LinkedIn — 52% of the total number of phishing messages;
  2. Transport services like DHL — 14%;
  3. Search engines and their services like Google — 7%.

How to recognize a phishing message?

According to analysis by the US Federal Trade Commission, most phishing emails make the same claims:

  • Suspicious activity or an attempt to log into your account has been noticed;
  • There is a problem with your account or payment information;
  • You need to confirm/update personal or financial data;
  • You may receive compensation from the government — for this, follow the link;
  • You may receive a coupon/bonus/gift/promotion from a website or company — for this, follow the link.

Such emails also often contain attachments (invoices, receipts, and similar documents) that the person does not recognize, and they ask the person to make a payment by clicking on a link.
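The signs above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it flags the FTC pretexts in a message and compares the sender's domain and every link's real destination with the official domain of the brand named in the "From" line. The OFFICIAL table, the PRETEXTS patterns, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brands the reader has accounts with -> real domains (second is a placeholder).
OFFICIAL = {"paypal": {"paypal.com"}, "poker room": {"poker-room.example"}}
# The FTC pretexts listed above as loose patterns (constructed, not exhaustive).
PRETEXTS = {
    "suspicious activity": r"suspicious (activity|log-?in)|attempt to log",
    "account problem": r"problem with your (account|payment)",
    "confirm data": r"(confirm|update|verify) your .{0,30}(data|details|information)",
    "compensation or gift": r"compensation|coupon|bonus|gift",
}

class Links(HTMLParser):
    """Collect the real href of every <a> tag, ignoring the visible link text."""
    hrefs = ()
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += tuple(v for k, v in attrs if k == "href" and v)

def on_domain(host, domains):
    """True only for an official domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return the reasons a single-part email looks like phishing."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    found = [f"pretext: {k}" for k, p in PRETEXTS.items() if re.search(p, body, re.I)]
    official = next((d for b, d in OFFICIAL.items() if b in name.lower()), None)
    if official:  # the display name claims a brand we know: verify the real hosts
        parser = Links()
        parser.feed(body)
        hosts = [addr.rpartition("@")[2]] + [urlsplit(h).hostname for h in parser.hrefs]
        found += [f"{h} is not an official domain" for h in hosts if not on_domain(h, official)]
    return found

# Constructed sample: the display name and link text say PayPal, the real hosts do not.
SAMPLE = """From: PayPal Support <service@paypal-secure.example>
Content-Type: text/html

<p>We noticed suspicious activity. Please confirm your payment information:</p>
<a href="http://paypal.com.account-check.example/login">https://www.paypal.com/signin</a>
"""
```

Calling triage(SAMPLE) returns four findings: two pretexts, the sender domain, and the link host, which merely begins with "paypal.com" and belongs to a different domain.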

How are phishing and poker connected?

Poker players encounter phishing in forms unfamiliar to the general public. They most often receive emails from scammers posing as:

  • Poker rooms or websites;
  • Room or website support;
  • Payment system support;
  • Cryptocurrency exchange websites or platforms;
  • Well-known players.

For the authors of these emails, the number one goal is to gain access to the account of a person involved in poker or a payment system. Therefore, they often conduct targeted phishing rather than the usual kind, obtaining some personal information about the individual (username, room nickname, backup email, full name, phone number), and then using it to craft more convincing texts tailored to the specific person.

In the poker industry, scammers like to impersonate the largest or fastest-growing rooms and payment processors.

For example, the Ignition Poker room and the PayPal payment system are periodically impersonated in this way. The screenshot below shows a phishing email received by Patrick Howard.

How to protect yourself from phishing

  1. Do not open suspicious emails and messages. Do not respond to them. Do not download attachments. Do not click on links.
  2. Use anti-phishing software. It is built into some antivirus programs and browsers, but you can also install additional applications or extensions.
  3. Do not send personal data, including photos, scanned copies, and files of various documents, through messengers and email. If you need to do this, delete the message with the data immediately after sending. Do not store them in questionable cloud storage or on devices with internet access.
  4. Use multi-factor authentication — when additional confirmation is required for authorization, such as a secret code or key, fingerprint, or other biometrics.
  5. Use a separate email address, one that is not widely used, for accounts with sensitive information. Treat the backup email for such accounts the same way.
  6. Regularly change passwords, especially for accounts with sensitive information. Do not store old and new passwords on an unencrypted device.
  7. Update applications in a timely manner — this applies primarily to rooms, payment systems, wallets, messengers, marketplaces, and email.
  8. Contact official support through applications or the real website if you receive a suspicious email referring to them, to clarify the source and reason for contact.
  9. Do not click on pop-up notifications on websites, especially if they offer gifts.
  10. Use secret questions whose answers only you know and that are difficult to guess. The notorious maiden names, names of first pets, and favorite dishes no longer work — the questions should be more original.