Topic: Stake phishing - page 9. (Read 1414 times)

Just to reiterate though and not defending anyone, it's not the gambling platform's fault if you have been phished or something. For sure majority of them have good security, but if you have been phished and you click some links so that blame is on you.

That's why they will urge you to do 2FA and other security measures so that the hackers can't just simply withdraw your money without any alerts or red flag on your side. But just like what you said, just be very careful on any links that is unknown to us.

        -   If you are really a victim of a phishing hacker, why will stakes.com still be responsible for the loss of your fund? After all, isn't that negligent? I'm just asking, mate. Then what also makes me think is that not all of your funds have been obtained; maybe because your 2FA is activated, that could be the case.

But when you say that stakes.com is not safe to use, that seems wrong because you were a victim of a phishing link, so that means stakes.com has nothing to do with it, right? Or the stakes will require an investigation into your issue as well.

You click on an anonymous link and then ask the casino to refund what they didn't. What I mean is that control remains with the user. The casino is not responsible for activities outside the casino when attacks are carried out against users, perhaps if a phishing attack occurred on the casino then the casino would be responsible but here it is you who gave access to the hacker. As far as I know, that's how it works, because you were careless and didn't do a thorough check of the email messages received. Moreover, this is related to large amounts, so you as the owner must be more careful.

That is really bad. The situation clearly shows that the scammer had no option to benefit from his hack.
At this point he should have left the account but as you said it was pure revenge. It is pure evil.
It's like if the money can't be mine it should not be anyone's. Bad day for OP. 

His account was compromised, and probably after clicking such link the hacker already monitors his activity.
The support can confirm this but I think they can't help with your funds since its legally gamble on their site, better to be more careful next time.
This is not new, if the offer is too good to be true better to think again, and clicking links is not advisable even with the emails, better to confirm it first.

I suggest you provide some evidence since this appears to be baseless criticism against a popular gambling site. Two-factor authentication (2FA) should already enhance the security of your account, preventing unauthorized withdrawals. I believe it's also a necessary safeguard when logging into the website. Just exercise caution in the future, as phishing, a form of hacking, is prevalent. Always verify the URL of the site you're visiting. If the site had poor security, there would likely be numerous complaints from various gamblers which I don't see.

After 3 years and this is the first time it happened, must have been your fault I guess.

This is possible if the hacker sent him a phishing link that will automatically copy and login the OP credentials real time on the same casino. The best thing to verify this is by requesting the casino for IP login history of the account and check whether there’s a record about the different IP login at the same time.

Another scenario is the OP 2FA apps was compromised too but this is very rare to happened since it needs the key to manually back up by the hacker.

All said, I can reiterate that it is the link op clicked that got him into this. He was gunning for the bonus while the hacker was targeting his account. If you click a phishing website link then you have invested in a troubled waters, unfortunately I think that was what happened from his story.

This is another lesson not to click just any link sent to you without verification of where it came from, I avoid them alot when they are sent through to my email. Sometimes they are not sent directly with the original site name but the link sent to you would bear the name and with such discrepancy, you don't need to click at all whether you activated 2FA or Google authenticator because these hackers are highly knowledgeable in tech.

I hope I am really wrong about this but I think there is a way that hackers can bypass even the Google authenticator 2fa and still login into your account if you fall a victim to their phishing stuff, Now here it is...

All it takes is for the hacker to be online and follow you bumper to bumper on every step you take, now after clicking the phishing link and it opens and you are asked to login,  you type in your email address which the hacker already have, now while typing your password, the hacker is watching and typing the same into their system, when typing your 2fa code, the hacker is also watching and typing same numbers you are typing into the 2fa tab, once its six, they hit the login button, the hacker is in, maybe even before you..

Now, let's assume that 2fa codes are like one time password, that one can not use the same 2fa code to login two or more time before it expires, when the hacker is already in before you , when you click the login, you might see an error telling you 2fa is incorrect, you probably would assume you made a mistake with that code and wait for the next one, not knowing that something really malicious have happened..

It's not about logging out all the sessions on your device but it's about how did the hacker taken your login details. And from there, it's basically you have done something like fallen for a fake website that's just the same as stake or a promo where the offer is gullible and asked for your login details.

This is sad in all forms and you've lost money from there. Can't even blame you because you're the victim on this one and these hackers will do every social reengineering for their specific targets like you.

Sad indeed but I wish your recovery from this incident.

I actually did log out all the time due to my recent time spent on stake. I had logged out after all active session.
I get your point of I was wrong with clicking .
Hope if it is bad egg or whoever stop doing this for their leisure as this is bad for both website and devoted players.

Sad world we live in.
But hope karma works in both ways.

Thanks for responses all.

That is the main problem here,user awareness was not at the desired level,OP got tempted badly to click the bonus link without hovering near the link to see where it was going in reality.We live in a digital world and we hear daily and a lot of times in a day to not click links without verifying them no matter where they came from.It is easy to fall for phishing scams as bankofamerica.com is not the same as [email protected] which is an analogy they make a lot of times in cyber security courses I have followed.The only good thing out from this history is OP having enabled 2FA which is almost impossible to by pass no matter how good a hacker or group of hackers can be and I am talking about the app Google Authenticator,not the SMS 2FA which has been spoiled a couple of times.

If this comment is for me, then let me categorically make it clear to you that I am not being judgemental or judging you for whatever reason, I only stated the obvious fact which you yourself know it is the truth, you are logged in on stake and I believe you have not logged out since your first login,  and for every time you visited the casino, you were never asked to login again.

When you got and opened the mail that contained the phishing link you clicked, when the site opened and you were asked to log in, if you were really paying attention, you would have first of all verified to make sure you are on the right site before inputting your login details again, but unfortunately you paid no attention to any of this and went ahead to give your login details to the hacker,  how is this the fourth of stake ?

Now, speaking of who this hacker is and how he or she is able to monitor and know which accounts on stake has high balances, and even how he or she is able to get the email addresses associated with this account, I will personally assume this to be an insider, probably some bad eggs among the team did or is responsible for all of this, but then, this is not what is important, what is important is that you wouldn't have been hacked if you were security conscious.

Also account revival felt like dragged to extend that even i have provided proof they denied this was not valid. I had to fight it to prove that it is what they asked for , I provided for instant support wanted me to post older transaction of crypto sent from wallet to stake.

I sent screenshot they denied it was not sent to stake.

I had to point the crypto amount send and it was showing in deposits same amount in stakes own deposit history. Like how would support fail to recognize legitimate stake deposit and checking rather than coming up with this was not stake deposit.


Another senior stake support chimed in when I was angry and asked if they want my DNA.

Anyway just discussing my experiance here so it can be cautious story for others.

Yes I exactly did that and support said my 2FA was not set.  Thats is where I found communication gap as I always had 2FA on my account since last 2 n half year.
And to be honest that might have saved me from being cashed out or tipped.
But on repeatedly saying to support my 2fA was on and it is still On no changes, they kept saying my 2FA was not on.. even as a courtesy rather than looking for phosher info they kept asking me my info and documents to "keep my account secured" is like guarding bank after robbers have robbed al the money. Reviving my account was stressful 36 hrs battle. Stake support could have used those resources to even come for an explanation about which locations and IP and devices the bets were made .

Anyway I think scammer helped me to realise stake is not the top crypto gambling site so wouldn't be putting more energy in this site which I did for last 3 years feeling and assuming best "online gambling website".
I am so closed to filing cyber security phishing complain just so stake takes this seriously and prevent this rather than just harassing users.

So how would phisher get exactly same username and other data.
Also these attacks has been hppen in past to substantial values and much greater than me only. I havent seen any reports of phishing below certain amount. I am not playing victim but out of all this logical and analytical discussion you come out as "it is your fault not stake's" is more like stake is mind bowling. I thought it was discussion forum not judgemental space

The balance in your wallet is inconsequential to think of making such excuse for that happening to you now. Scammers will send attractive message for you to get you to compromise which you did. I think this is where the issue on your account started, you have compromised your account by clicking on a phishing mail sent to you and that directed your account towards the hackers domain. You are knowledgeable that it was a phishing site but because of the bonus you got tempted to open it instead of verifying from the casino and or report it.

Well I think what you need to do is to reach out to stake and ensure your account is safe going forward. Is a good thing you secured your account further with 2FA.

First, let me point out that the fact that this did not happen all the while that your balance was low, but only happened as soon as you hit the 10,000 dollar benchmark is pure coincidence, this is nothing but coincidence because there is no way scammers or hackers can track individual wallets that is associated with stake, stake is a centralized gambling casino, and like we all know, most centralized platforms make use of one wallet system, this simply means that funds belonging to users of that platform are stored in one wallet, usually is cold or hot wallet, what users now see as account balances is the number entered by the system into the user's account when the user made a deposit, this number we now be reduced  or increased accordingly by the system as the user plays games and losses or wins, so it is some kind of impossible for scammers or hackers to monitor a user's wallet on a centralized platform like stake.com.

And secondly, you falling victim to the phishing site is clearly your fault, whether or not stake's security is high or low end, you said you only play with your mobile phone, stake has a login system that keeps you logged in forever as soon as you log in the first time and did not log out, when you clicked and opened the phishing site, I believe you were asked to log in, that should have been a pointer to you that you are in the wrong site, but unfortunately, I believe you were too careless to notice and by yourself, you gave out your login details to the scammer, how and why then are you blaming stake for your own mistake?

Damn, this is really bad.... and it can happen with anybody, because this month Stake gave 3 x Monthly bonuses, so you would have thought that it was one of them.

You should think that a hacker would realize that the 2FA stopped them from withdrawing the money, so they would leave the money ...but it is as if the anger let them deliberately sabotage your account, by betting all of it.

Stake even blocked the tipping of the money without the 2FA ...so they cannot even tip an Alt account to withdraw it from another account.   

I was viper out. Hacker made 1st limbo bet it was winner. And he made 2nd bet on mines which was looser, 3rd limbo again looser. All bets were made in LTC 160, 155 and 168 ltc . After 3rd bet 29$ left in my account out of 10500 USD..


Funny thing is this exact scenario was reported aprox 6 to 8 months before and I was suspecting player made it and lost it and now producing stories. As the bets were huge . I exactly remember player claimed it was not him.

Stake definetly has more genius devs than me so I asked them to look up IP and devices associated with those bets but they refuse to reply. I only play through my phone and all other sessions it says android and location except that 1 login.

Funny thing is I was actively trying to go in slots at this point and when I see balance I freaked out went straight to support asking if anybody withdrew or tip and support showed me I made 3 beta and lost.

2 questions I had at this time
1) I was betting in USD so how suddenly it chabged to LTC value suddenly.
2)It was merely 20 seconds to load slots so sxammer waited till I was done playing with game I was playing patiently?

I still can't digest this whole situation and not getting any response from their tech devs