What is the most common method of defrauding a gaming site?
IntSights: The most common fraud method on gaming sites is carding and identity theft (impersonation); it occurs in every industry, but in gaming and leisure this is the most emergent risk.
Carding is the usage of stolen or fake payment methods while bypassing authentication mechanisms set in place by gaming sites. Hackers share online lists of sites that are “cardable” - meaning sites that when accessed enable purchase using stolen cards to some extent.
Impersonation allows the player to act on behalf of another individual without their consent, usually with stolen accounts. Threat actors would also look for proxy servers using RDPs and SOCKS5 VPN, through which they’d be able to conduct carding and impersonation.
When the impersonation happens with consent (such as in an affiliation scheme), the experienced player uses TeamViewer in order to play on behalf of a newbie - enjoying their privileges and scamming the gaming site in return for profit percentages.
Peter Taylor: A common method is ‘card not present’ fraud by professional hackers. They specialise in using credit card details purchased from the dark web. Committing the fraud is the next stage; the professional fraudster will have an account which they control (usually offshore), and it is often in their name, a family member’s name, or an identity that they use for that site alone.