Forums
Welcome to Live View – Take the tour to learn more
Start Tour
There is currently 1 person viewing this thread.
Dside17
02 Jul 17 21:36
Joined:
Date Joined: 04 Apr 08
| Topic/replies: 75 | Blogger: Dside17's blog
Hi,

My Betfair account was hacked in April and two bets were placed by the hacker(s) as a result of which almost £800 was lost/taken from my account.

I asked Betfair to investigate which they did, however, they have concluded that "there was no evidence of unauthorised access on [my] account". This is despite the fact that:

1) the stakes of the two bets were completely out of line with my betting history (i.e. at least 50 times higher than my usual stakes);
2) one of the bets was placed on a baseball game, a sport that I have never previously bet on;
3) the IP addresses of the computers/devices used to place the two bets have never previously been used to place bets on my account. On investigating the IP addresses, one was in the United States.

I got chatting about it to a friend of mine recently who said that something very similar had happened to him about 6 months ago. He logged in to his account to find that the balance was zero and when he checked the betting history, a bet had been placed staking the entire contents of his account (as happened with me), however he hadn't placed the bet. As with me, the bet was completely out of character with his betting history. He contacted Betfair about it and they reimbursed him without any problems (albeit that he had "only" lost £40). He doesn't use Betfair anymore because he is concerned that it may happen again.

I was just wondering if anyone else has had a similar experience and, if so, how Betfair dealt with it?

Thanks.
Pause Switch to Standard View Betfair Account Hacked
Show More
Loading...
Report Daryl Revok July 2, 2017 9:39 PM BST
Isn't it illegal to access BF from the U.S?
Report Dside17 July 2, 2017 9:48 PM BST
I don't know to be honest Daryl but when I searched the two IP addresses that Betfair told me had been used, one of them definitely came up as El Segundo, California.
Report the dealer July 2, 2017 9:50 PM BST
there has been similar threads like this before, pretty sure there was one a few months ago and like you the guy wasnt reimbursed
Report Fashion Fever July 2, 2017 9:50 PM BST
keyloggers NAP
Report The Mule 26 July 2, 2017 9:54 PM BST
Betfair third--party access isn't unusual, I ussed to work in Fraud there and dealt with most of the hacked claims for 5 years. A Betfair account is highly attractive for fraudsters so I can understand why it happened so much. what do you want to know Dside17 ?
Report Deltâ July 2, 2017 10:13 PM BST
^ great first post!
Report Dside17 July 2, 2017 10:15 PM BST
Thanks for your reply Mule. I would like to understand why Betfair have concluded that there was nothing unusual about the two bets that were placed on my account despite clear evidence to the contrary. As I mentioned in my opening post, something similar happened to a friend of mine and Betfair reimbursed him. Do you think that they reimbursed him because it was only £40 whereas I had nearly £800 taken?

Is there anything else that you would recommend I do to try to get Betfair to realise/accept that my account was hacked?

I spent about 5 years gradually building up my account balance and £800 is a lot of money for me/my family. So I can't just write it off as "one of those things". If Betfair continue to refuse to reimburse me, I will just have to issue a court claim.
Report smirnoff2therescue July 2, 2017 10:42 PM BST
all in all your just another brick in the wall ..........ScaredScared
Report Willie Shafter. July 2, 2017 10:51 PM BST
well firstly bf will know the identity of the acc the funds went into and should easily determine if it was fraud...

the mule been a member since 2004 and has his 1st contribution on this thread

sherlock holmes been informed.
Report smirnoff2therescue July 2, 2017 11:06 PM BST
Big Martha bid half a million for that account om Ebay LaughLaughLaugh
Report Willie Shafter. July 2, 2017 11:49 PM BST
aye rupees..
Report The Mule 26 July 3, 2017 12:33 AM BST
ok mate, well first things first, I have no idea why they would say there is no sign of unauthorised access, that is NOT what should happen in any standard case of hacking whether funds are lost or not. If they are saying that, they should have a reason for saying it, and should expand. I certainly would never have said that when I was there unless I could back it up, and believe me, most of the hacking cases got to me as I was one of only a couple of Investigators based in UK. I generally got sent the challenging ones a lot. Generally it goes like this :

1 Claim comes through. If it's Exchange (my speciality) you very quickly ascertain whether passing occurred. Simple for anyone. If it has, trap the funds if possible, and return to victim. Normally if customer has raised it,unlikely that funds remain. Most of the happy endings started with us pro-actively finding it, which we did a lot.

2. This is where I don't understand your response from BF, if no funds can be reclaimed, you say it how it is. Yes, rogue IP, yes it looks like your account hacked, I'm very sorry, all account activity you are responsible for. If you report to police, we will co-operate. That is the standard response. If they are saying what they are saying to you, no sign etc of malicious activity, they need to explain why as that is just adding fuel to the fire.

3.Couple more points,if it's taken as genuine hack, and money lost to BF, as in not Exchange first time, they did refund customer when I was there,I would validate claim and then get refund from area, as gogw only, as they realise profiting from hacks not good.

4. Did your mates account lose direct to BF ? As in, Sportsbook etc. If so, that could be the reason he got a refund yes. Was your Exchange ?

Generally speaking the fraudsters tried to build funds fast with aggressive bets, before passing funds  on Exchnage, through the night, on American sport bullshit markets. Of course, if the fraudster lost the first bets, the customer was left asking what was the point of the bets ? I had to explain the possibility of winning x funds quickly, to pass in future, but of course, it is speculation, but that is what they did. The sly ones,sometimes left the balance the same through the night if they won, so the genuine wouldn't notice, and they would do it again. So example, I hack you, balance 500, double up to 1000 pass 500,, leave 500, you log-in,no change,and I do it time and time again..

Dstyle - the nothing unusual line is clearly nonsense based on your observations of previous betting. If they persist in saying no sign of unauth acces, I would push them for detailed response why. As for getting moey back, I would forget it, policy is as it is, and 2-factor auth was coming in when I left, so although totally annoying, there is no way BF can refund instances like this. i'm sure your telling the truth, but plenty wouldn't with a different policy, as I said many times

As for you Willie Shafter, not sure what you are implying by this being my first post, but I have been regular reader of these forums for years. As I worked for BF Fraud, I felt this one needed my input, but yes, I don't post clearly, just read,so what ? BTW, it's easy to determine if passing, not if its a genuine hack, no idea why you would think it was easy. Silly statement, think about it.
Report smirnoff2therescue July 3, 2017 12:41 AM BST
*2
Report casemoney July 3, 2017 1:58 AM BST
Very Interesting Post Mule Plain

Perhaps we should all have a quick Look at the previous overnight activity  activity on our Accounts Shocked

How come u no Longer work for BF  Mule ?
Report onlooker July 3, 2017 2:02 AM BST
Interesting 'tactic' - 'Borrowing' your money to place (hopefully winning) bets with - and then RETURNING your Balance/Money IF SUCCESSFUL - to then 'Borrow' again - tomorrow night.
Report casemoney July 3, 2017 2:04 AM BST
Was a Guy on here few weeks back said he was done for a Couple of thousand insane Bets or what seemed insane Bet on his account That was  on Sports Book  ,But then if as you say it will then be passed it makes Sense Plain
Report onlooker July 3, 2017 2:07 AM BST
^ That poster GOT HIS MONEY BACK off Betfair.
Report casemoney July 3, 2017 2:11 AM BST
The Markets that were bet on Prob be no money on the Exchange in the Middle of the Night ,Win on sports book Pass on winnings  ,No one the Wiser ,You can always return at a Later Date ,Plus Sports book wont show in P&L Plain
Report 4builder4 July 3, 2017 7:49 AM BST
Hi D,
my BF account was hacked in April(via SB) as well and the thread should make interesting reading if you have not already seen.
It is under my old nick name 'chalkie'see here http://community.betfair.com/horse_racing/go/thread/view/94102/30860069/account-g-emptied?post_id=551771841#551771841
I was open and transparent with BF and all on here and there was a couple of doubters etc but in the end they did refund me and surprise surprise they even lifted any restrictions on the amounts they would let me bet on SB .......for while anyway.
I have not placed a bet on there for good time now as i am not allowed BOG or anything now.
They set me up with new account and failed to transfer any bonus points over to it and can't even get my history for that account now.I now use as many suggested the 2 part signing in which does help with security.
Hope this helps and i empathise with you as i know what it feels like when wronged and no way of dealing with it
cheers Paul
Report sparrow July 3, 2017 8:11 AM BST
Interesting stuff here.
Report TheNorfolkMafia July 3, 2017 9:27 AM BST
Somebody hacked my account once!

Put £200 in it!
Report Willie Shafter. July 3, 2017 9:46 AM BST
how did an american ip show when they sposed to be blocked.
Report dave1357 July 3, 2017 9:54 AM BST
yes willie just like the other case (the bets should never have been accepted by the sportsbook) something very odd going on.
Report trimmer July 3, 2017 10:36 AM BST
Happened to me about 10 years ago.
A big bet was placed during the early hours
on a obscure football match at big odds on.

The team lost,i contacted Betfair,who agreed
it was not me who placed the bet.
They got security involved and refused to put
the lost money back.They said i should improve
my security.
Report trimmer July 3, 2017 10:43 AM BST
Happened to me about 10 years ago.

My balance went down to zero in the
early hours.A large bet was placed on
an obscure football match at big odds on.
Betfair blamed me for having poor security
on my computer.
They did however concede the bet was not mine.
Report ribero1 July 3, 2017 11:25 AM BST
Same here,a few years ago at Cheltenham had a bet on the phone and gave details over the phone to place bet,obviously fraudsters picked up call,fortunately checked account next day and they had placed 2 identical bets on 2 ice hockey games which produced exact same win and loss which I didn't really get but I guess Mules point 4 covers that. BF gave me no explanation but as i'd not lost any money I didn't pursue it and obviously just changed password etc and don't ring through any bets.
Report sageform July 3, 2017 12:16 PM BST
I have not had a problem thankfully but how does the hacker get your money out? I always keep my balance at a very low level when away for a day or on holiday as I do in my current bank accounts. Just move it into a savings account which tends to be more secure.
Report Cardinal Scott July 3, 2017 12:25 PM BST
If you are not using 2 Step Authentication!....Do It NOW!
Report Cardinal Scott July 3, 2017 12:30 PM BST
Also construct passwords that are not words in a dictionary and contain plenty special characters and are as long as they allow them to be! Again 2 Step Authentication is a MUST
Report Cardinal Scott July 3, 2017 12:31 PM BST
Also do not log in to betfair ever on a Pub Free Wifi...or any free wifi!
Report Swardean July 3, 2017 12:59 PM BST
Willie I work in the states a lot, if you try to use betfair using wifi or a local data provider in the states, you get blocked when you try to use.

If you switch off wifi, and just use your phone and UK data plan, you can access betfair (or any other bookmaker) no problem.   Obviously the data costs may be high.
Report hardestgame July 3, 2017 2:30 PM BST
best bet is not to leave any money in b/f  account over night
if i have over £200 i will take it out
just to be safe
if you have nothing they cant take it
hopefully
Report duffy July 3, 2017 2:37 PM BST
Yeh, I tried to access BF from the states and got blocked and told homeland security are coming to get meGrin
Report dustybin July 3, 2017 2:42 PM BST
Taking money out is a good idea but not that practical due to the delay in it arriving in the bank account.
If you did it for large amounts each day youd have to have a lot of money to be liquid on going by the third day while beftair sit on the first withdrawal.

Is it conclusive that nobody using 2 stage auth have ever been hacked, or is it still possable?
Report Brian July 3, 2017 3:31 PM BST
I got an email from Betfair recently advising that an attempt had been made to get into my account which was unsuccessful and I further advised to put on twostep authentication and strengthen my password. I was on holiday at time which frightened the life of me as I had a fairly large amount in the account (after Royal Ascot and pending withdrawal).
I was actually already on twostep authentication (which Betfair confirmed by email) and have since changed by password to something that is difficult for me to remember!

I'm assuming two step authentication makes it as safe as can be. Emptying account each night would be impractical for me but will try to keep it as low as possible in the future.
Report onlooker July 3, 2017 3:32 PM BST
Would be interesting to ascertain whether the OP - Dside17 - and others who say that they have had their ACCOUNTS HACKED - are ALL using PHONES or other REMOTE access methods to Betfair - as opposed to stay at home DESKTOP users.

Presumably - far easier to have Hacked somebody's PHONE - in order to ORIGINALLY obtain their Log-In name and Password - than get through somebody's HOME Computer Firewall.

As far as I can ascertain - '2-Step AUTHENTICATION' applies to PHONE Users... and is NOT available to DESKTOP COMPUTER users
------------------

How do I use it?

Two-step authentication is very easy to use and you will quickly get accustomed to the process.
You start by logging in as usual. You will be presented with an additional login screen if your credentials are correct.
Open the Google Authenticator from your phone and type the verification code in your browser.
If the code is correct, you will be logged into your profile. You can choose to do this for every login or only for new devices within 'My Security'.
Report Brian July 3, 2017 3:38 PM BST
Wrong Onlooker. You need a phone for 2step but it applies to desktops/laptops.
Report dustybin July 3, 2017 3:39 PM BST
You can download the app onto a tablet too, thats what I did.

Somebody in the philippines tried hacking one of my accounts a couple of months ago but I guess 2 stage did for em.
Report dustybin July 3, 2017 3:41 PM BST
*the google authenticator to access your desktop log in

Microsofts version is better than google's version, but both required in this day and age
Report onlooker July 3, 2017 3:42 PM BST
^ YES you do NEED a SMARTPHONE -

- to accept the second layer of Log-In code from Betfair - Sent by Betfair to your SMARTPHONE ONLY.

If you do NOT own a SmartPHONE - then they CANNOT send anything to you - according to Betfair Customer Services.
Report Brian July 3, 2017 3:56 PM BST
Yes you need a smartphone but it can be used to improve desktop security.
Report dustybin July 3, 2017 3:58 PM BST
*smartphone or tablet
Report jamesdean July 3, 2017 4:04 PM BST
You can then tick the trusted device option, so if you use the same device whether it be computer/laptop/phone
you don't have to keep entering a 2nd code other than your password on that device. If anyone else tried to log in
using another device they would still have to enter the 2 step code, which changes every 30 seconds
Report The Mule 26 July 3, 2017 7:48 PM BST
I left because of issues with management casemoney, in 2014. Nothing major but time to leave. Loved working there though, as a massive sports fan and gambler, I was in my element. I had a great 5 years there and undoubtedly the highlight of my working life. I wasn't learning anything either, they were relying on me too much and I wasn't being rewarded so naturally I had to move on. I worked for 2 more mainstream gambling firms and both had much fewer hacked cases than BF, but then BF is massive worldwide company and with Exchange etc, and money sitting in, they are massively attractive for fraudsters. I honestly loved trapping funds from hacks though, best part of my job by far. Let's just say Ukranian BF accounts were a constant problem for receiving the funds. Betfair did their obligations by introducing two-factor and I have not negativity towards the company at all. There was no indications any issues with Betfair, want to make that clear. However, I am honest guy, and I always stood up for the punter. Saying no unauthorised access is unacceptable if they can't back it up. I wasn't backward in coming forward in telling people what we needed to do to stop these cases.
Report pablo-fanque July 3, 2017 8:14 PM BST
the mule , did you ever have to investigate why some people have money taken from their accounts every Wednesday at 12:00 ?
Report ph. July 3, 2017 8:17 PM BST
wrong squad, thats theft and Robbery squad needed rather than Fraud Dept
Report Callisto-moon July 4, 2017 1:38 PM BST
Are the apps offering two step ?
Report dave1357 July 4, 2017 2:34 PM BST
two step is applied at any method of logon- web page, gruss etc or betfair app.
Report duffy July 4, 2017 3:25 PM BST
jamesdean
     03 Jul 17 16:04
You can then tick the trusted device option, so if you use the same device whether it be computer/laptop/phone
you don't have to keep entering a 2nd code other than your password on that device. If anyone else tried to log in
using another device they would still have to enter the 2 step code, which changes every 30 seconds 


Correct on betfair web but not on Gruss, checking the trusted devices in betfair and logged into gruss once appended and subsequent log ins still require the code appended everytime. Unlike betfair there is no check box saying this is a trusted device to be found on gruss
Report duffy July 4, 2017 5:48 PM BST
got it now, wasn't using the newer version.
Post Your Reply
<CTRL+Enter> to submit
Please login to post a reply.

Wonder

Instance ID: 13539
www.betfair.com