Online gambling operators are increasingly being targeted for account takeover fraud, in part due to customers choosing some truly lousy passwords.

A new survey of global fraud and payments professionals by the Ravelin fraud detection firm found gambling second only to taxi companies in terms of the average annual number of account takeover attacks. These attacks involve fraudsters obtaining customer credentials to take control of an online account and then either use the account to spend lavishly on goods or services or sell the compromised data to nefarious third parties.

Gambling firms faced an average of 60 account takeover attacks per year, behind only taxi firms (65 attacks) but ahead of grocers (53). While gambling sites are obvious targets due to the large sums that accounts can contain, the grocers’ profile got a boost this year due to skittish customers filling their carts online during pandemic lockdown. 

Over half (52%) of gambling operators reported a significant rise in ‘serious’ account takeover attempts this year, again, thanks to the surge in online gambling activity as land-based options diminished due to COVID-19.