PointsBet Gets Embroiled in Crypto Phishing Scam

PointsBet USA, the division of the famous Australia-based sports and gaming entertainment company PointsBet, announced late on Thursday that it temporarily halted its system email communications after a third-party provider sent emails involving cryptocurrency. The company admitted that an email sent in the morning by a provider, which name wasn’t disclosed, contained communication that wasn’t official.

The popular betting provider urged its customers to delete the aforementioned email. Additionally, PointsBet asked its users not to click on any links within the message or to respond to it. At the time, the company said that the temporary halt of email communication will be in effect “until the matter has been fully resolved” with the third-party provider.

Less than two hours after the initial statement released via Twitter, PointsBet identified the issue as a “phishing attempt.” As with similar threats, phishing attacks target customers by offering different prizes and in this case, crypto was involved.

Reportedly, the culprits sought to lure customers by asking to receive crypto. In exchange, they were promised that the funds in their crypto accounts would be doubled. Recently, PointsBet hinted that it plans to exit the US and North America. Still, the company is yet to make a move in that direction.

The Company Confirms There Was No Data Breach

Without any doubt, the promise to double cryptocurrency was one of the first signs that the email was part of a phishing attempt. As with most such attacks, there may be grammatical errors or simple typos, that can once again serve as a warning light for the consumers. Yet, what’s strange about this particular case is that the email itself was sent from PointsBet’s own domain, judging by screenshots shared on social media by customers of the company.

Although PointsBet admitted that there was a phishing attempt dating to Thursday morning, in its second statement, the company reiterated that the mail was the result of a third-party company. PointsBet apologized for any inconvenience and also explained that the third-party provider did not have visibility to personal data.

“We confirm this was a phishing attempt made to our mailing list and the 3rd-party did not have visibility of individual email addresses. There was no breach of core player account management or internal systems. We again apologize for any inconvenience,“

explains a statement released by PointsBet

Despite the explanation and apology, some users on social media showed that they are not happy with the whole situation. Some users online joked about sending millions in crypto to the scammers and asked to receive their crypto doubled as promised. Others criticized the claim that there was no personal information breach considering that the phishing emails were sent from the company’s own domain.