Topic: Stake phishing - page 9. (Read 1327 times)

Even though the hacker could not get the money, but OP is still losing his money which is something that can be said as fine.
Although Op may also lose the money himself by playing but it would be different case.
Lesson learned, always be careful with any link sent to our email. Double check first before clicking any link.
If we feel that there is something suspicious, better to ask the official support of the service to make sure whether the email is sent officially from the real service or not.

In as much as I feel bad for what happened to OP, I still like I've told him before stand on the fact that he was wrong about what he said concerning stake not being safe,  the issue of one fallen victim to phishing scam has nothing at all to do with the platform to which the scam was carried out on, security is not just onto to the platform we are using but it has much more to do with ourselves, a hacker breaking into one's account by the means of phishing is solely as a result of the users negligence not that the platform is not secure.

Do I still Believe stake has a role to play here, and that role is to at least find out the IP address associated with the user that accessed OP's account and report that to OP, maybe there could be a way to trace who ever did this through the IP address, that is if the hacker was stupid enough not to use VPN to hide their true IP address.

On the other side, I guess it will be fine for op since the hacker couldn't get hold of the money. He would have felt really bad if another person took his money in such way to enjoy his sweat. It is a lesson for us all that before clicking on a link sent to you, you need to do some background check because a little mistake can little to regret. And another lesson is the need for 2FA google authenticator security activation to our accounts so that when hackers get succeed then they won't be able to run away with the money in the wallet.

Just to reiterate though and not defending anyone, it's not the gambling platform's fault if you have been phished or something. For sure majority of them have good security, but if you have been phished and you click some links so that blame is on you.

That's why they will urge you to do 2FA and other security measures so that the hackers can't just simply withdraw your money without any alerts or red flag on your side. But just like what you said, just be very careful on any links that is unknown to us.

        -   If you are really a victim of a phishing hacker, why will stakes.com still be responsible for the loss of your fund? After all, isn't that negligent? I'm just asking, mate. Then what also makes me think is that not all of your funds have been obtained; maybe because your 2FA is activated, that could be the case.

But when you say that stakes.com is not safe to use, that seems wrong because you were a victim of a phishing link, so that means stakes.com has nothing to do with it, right? Or the stakes will require an investigation into your issue as well.

You click on an anonymous link and then ask the casino to refund what they didn't. What I mean is that control remains with the user. The casino is not responsible for activities outside the casino when attacks are carried out against users, perhaps if a phishing attack occurred on the casino then the casino would be responsible but here it is you who gave access to the hacker. As far as I know, that's how it works, because you were careless and didn't do a thorough check of the email messages received. Moreover, this is related to large amounts, so you as the owner must be more careful.

That is really bad. The situation clearly shows that the scammer had no option to benefit from his hack.
At this point he should have left the account but as you said it was pure revenge. It is pure evil.
It's like if the money can't be mine it should not be anyone's. Bad day for OP. 

His account was compromised, and probably after clicking such link the hacker already monitors his activity.
The support can confirm this but I think they can't help with your funds since its legally gamble on their site, better to be more careful next time.
This is not new, if the offer is too good to be true better to think again, and clicking links is not advisable even with the emails, better to confirm it first.

I suggest you provide some evidence since this appears to be baseless criticism against a popular gambling site. Two-factor authentication (2FA) should already enhance the security of your account, preventing unauthorized withdrawals. I believe it's also a necessary safeguard when logging into the website. Just exercise caution in the future, as phishing, a form of hacking, is prevalent. Always verify the URL of the site you're visiting. If the site had poor security, there would likely be numerous complaints from various gamblers which I don't see.

After 3 years and this is the first time it happened, must have been your fault I guess.

This is possible if the hacker sent him a phishing link that will automatically copy and login the OP credentials real time on the same casino. The best thing to verify this is by requesting the casino for IP login history of the account and check whether there’s a record about the different IP login at the same time.

Another scenario is the OP 2FA apps was compromised too but this is very rare to happened since it needs the key to manually back up by the hacker.

All said, I can reiterate that it is the link op clicked that got him into this. He was gunning for the bonus while the hacker was targeting his account. If you click a phishing website link then you have invested in a troubled waters, unfortunately I think that was what happened from his story.

This is another lesson not to click just any link sent to you without verification of where it came from, I avoid them alot when they are sent through to my email. Sometimes they are not sent directly with the original site name but the link sent to you would bear the name and with such discrepancy, you don't need to click at all whether you activated 2FA or Google authenticator because these hackers are highly knowledgeable in tech.

I hope I am really wrong about this but I think there is a way that hackers can bypass even the Google authenticator 2fa and still login into your account if you fall a victim to their phishing stuff, Now here it is...

All it takes is for the hacker to be online and follow you bumper to bumper on every step you take, now after clicking the phishing link and it opens and you are asked to login,  you type in your email address which the hacker already have, now while typing your password, the hacker is watching and typing the same into their system, when typing your 2fa code, the hacker is also watching and typing same numbers you are typing into the 2fa tab, once its six, they hit the login button, the hacker is in, maybe even before you..

Now, let's assume that 2fa codes are like one time password, that one can not use the same 2fa code to login two or more time before it expires, when the hacker is already in before you , when you click the login, you might see an error telling you 2fa is incorrect, you probably would assume you made a mistake with that code and wait for the next one, not knowing that something really malicious have happened..

It's not about logging out all the sessions on your device but it's about how did the hacker taken your login details. And from there, it's basically you have done something like fallen for a fake website that's just the same as stake or a promo where the offer is gullible and asked for your login details.

This is sad in all forms and you've lost money from there. Can't even blame you because you're the victim on this one and these hackers will do every social reengineering for their specific targets like you.

Sad indeed but I wish your recovery from this incident.

I actually did log out all the time due to my recent time spent on stake. I had logged out after all active session.
I get your point of I was wrong with clicking .
Hope if it is bad egg or whoever stop doing this for their leisure as this is bad for both website and devoted players.

Sad world we live in.
But hope karma works in both ways.

Thanks for responses all.

That is the main problem here,user awareness was not at the desired level,OP got tempted badly to click the bonus link without hovering near the link to see where it was going in reality.We live in a digital world and we hear daily and a lot of times in a day to not click links without verifying them no matter where they came from.It is easy to fall for phishing scams as bankofamerica.com is not the same as [email protected] which is an analogy they make a lot of times in cyber security courses I have followed.The only good thing out from this history is OP having enabled 2FA which is almost impossible to by pass no matter how good a hacker or group of hackers can be and I am talking about the app Google Authenticator,not the SMS 2FA which has been spoiled a couple of times.

If this comment is for me, then let me categorically make it clear to you that I am not being judgemental or judging you for whatever reason, I only stated the obvious fact which you yourself know it is the truth, you are logged in on stake and I believe you have not logged out since your first login,  and for every time you visited the casino, you were never asked to login again.

When you got and opened the mail that contained the phishing link you clicked, when the site opened and you were asked to log in, if you were really paying attention, you would have first of all verified to make sure you are on the right site before inputting your login details again, but unfortunately you paid no attention to any of this and went ahead to give your login details to the hacker,  how is this the fourth of stake ?

Now, speaking of who this hacker is and how he or she is able to monitor and know which accounts on stake has high balances, and even how he or she is able to get the email addresses associated with this account, I will personally assume this to be an insider, probably some bad eggs among the team did or is responsible for all of this, but then, this is not what is important, what is important is that you wouldn't have been hacked if you were security conscious.

Also account revival felt like dragged to extend that even i have provided proof they denied this was not valid. I had to fight it to prove that it is what they asked for , I provided for instant support wanted me to post older transaction of crypto sent from wallet to stake.

I sent screenshot they denied it was not sent to stake.

I had to point the crypto amount send and it was showing in deposits same amount in stakes own deposit history. Like how would support fail to recognize legitimate stake deposit and checking rather than coming up with this was not stake deposit.


Another senior stake support chimed in when I was angry and asked if they want my DNA.

Anyway just discussing my experiance here so it can be cautious story for others.

Yes I exactly did that and support said my 2FA was not set.  Thats is where I found communication gap as I always had 2FA on my account since last 2 n half year.
And to be honest that might have saved me from being cashed out or tipped.
But on repeatedly saying to support my 2fA was on and it is still On no changes, they kept saying my 2FA was not on.. even as a courtesy rather than looking for phosher info they kept asking me my info and documents to "keep my account secured" is like guarding bank after robbers have robbed al the money. Reviving my account was stressful 36 hrs battle. Stake support could have used those resources to even come for an explanation about which locations and IP and devices the bets were made .

Anyway I think scammer helped me to realise stake is not the top crypto gambling site so wouldn't be putting more energy in this site which I did for last 3 years feeling and assuming best "online gambling website".
I am so closed to filing cyber security phishing complain just so stake takes this seriously and prevent this rather than just harassing users.

So how would phisher get exactly same username and other data.
Also these attacks has been hppen in past to substantial values and much greater than me only. I havent seen any reports of phishing below certain amount. I am not playing victim but out of all this logical and analytical discussion you come out as "it is your fault not stake's" is more like stake is mind bowling. I thought it was discussion forum not judgemental space

The balance in your wallet is inconsequential to think of making such excuse for that happening to you now. Scammers will send attractive message for you to get you to compromise which you did. I think this is where the issue on your account started, you have compromised your account by clicking on a phishing mail sent to you and that directed your account towards the hackers domain. You are knowledgeable that it was a phishing site but because of the bonus you got tempted to open it instead of verifying from the casino and or report it.

Well I think what you need to do is to reach out to stake and ensure your account is safe going forward. Is a good thing you secured your account further with 2FA.