PokerStars ‘Skype Scam’ Attempt Perhaps Not What it Seems

Playing high-stakes online poker necessarily entails undertaking some security precautions, as a recent final-table player in a preliminary PokerStars TCOOP (Turbo Championship of Online Poker) is likely finding out.

Thursday evening, online Stars player “jawong2000” appeared on the 2+2 discussion forum to do a little bit of humblebragging about his fourth-place showing in TCOOP Event #1, for a lovely $31,000 score, but also to report that he may have been the victim of a scam attempt directed at him by someone pretending to be a PokerStars employee.

pokerstarssmallest2Hilarity soon ensued in the thread, which included jawong2000’s admitted quick realization that the contact by the fake Stars poser via Skype wasn’t what it seemed, that the possible con artist came from a country (Russia) from which such fraud attempts are far too frequent, and even a cameo appearance from PokerStars’ well known Director of Poker Communications, Lee Jones, who confirmed that the contact attempt made to jawong2000 was bogus.

Jones also noted that since Stars already possesses contact info for its players and can open chat connections within the PokerStars software client, the site has no need to employ third-party chat services such as Skype.

Yet the continuing thread misses the point: The fake contact probably wasn’t an attempt to rob jawong2000 of his tournament winnings while the event’s final table was being played.  Instead, it was likely an attempt to ID him, his online IP address, and tie it all to his Stars screen name, for the purpose of launching future attacks and defrauding the player of chunks of his winnings at the cash-game tables.

It’s in that part of the story that the real value of the encounter lies, as a warning to all online poker players not to be running Skype or other third-party communications programs while they’re playing poker online.  That goes for PokerStars or any other site, just as it goes for all communications clients and services, and not just Skype.

First, let’s look at what jawong2000 reported.  While running Skype and chatting with friends while playing at the TCOOP Event #1 final table, he reported being contacted by someone claiming to be “PS Manager,” with a Skype ID of “p.s.manager4” and an origin-country of Russia.

For whatever reasons — and jawong2000 admitted to his naivete — jawong2000 accepted the invite.  The fake Stars employee identified himself as “Eugene” and claimed to be a “regional manager” of PokerStars.  Jawong2000 even posted the following chat from his convo with the fraudster, which is worth preserving as part of the object lesson:

[5:51:30 AM] PS manager: Hello, this is the regional manager of PokerStars – Eugene

We are having problems with your account.
Our technical department noticed successful login attempts from Germany to your account.

You can now answer our questions?
[5:51:31 AM] James —: TCOOP BABY
[5:51:37 AM] James —: WTF?
[5:51:41 AM] James —: im on the FT of TCOOP
[5:51:43 AM] James —: germany????
[5:51:48 AM] James —: thats ****ed up
[5:52:23 AM] PS manager: The fact is that our security department noticed a successful login from Germany, as well as attempts to transfer funds to another player from Germany.
These transfers were blocked by our security system.
[5:52:33 AM] PS manager: Your email has been changed to 1 time [email protected], you use this email?
[5:52:42 AM] James —: i dont know who u are
[5:52:46 AM] James —: i dont know if this is REALLY pokerstars
[5:52:48 AM] James Wong: im calling poekrstars right now
[5:52:57 AM] PS manager: its joke
[5:52:57 AM] PS manager: gl man
[5:53:02 AM] James Wong: r u fkn with me
[5:53:05 AM] PS manager: ;d
[5:53:06 AM] James —: thats not funny
[5:53:08 AM] PS manager: eeeeeeeeeeeee
[5:53:10 AM] PS manager: gogogog man
[5:53:12 AM] PS manager: just do it
[5:53:14 AM] James —: how do i know ure not a scam
[5:53:17 AM] James —: which u clearly are
[5:53:21 AM] PS manager: ohhh maaaan
[5:53:26 AM] PS manager: am just kidding
[5:53:30 AM] PS manager: gl at final table
[5:53:52 AM] PS manager: -1 maaan

Obviously, the scammer’s attempt to get access to the player’s e-mail was blunted, which was good: It is, of course, possible that the Russian scammer simply wanted to get access to the account and attempt to quickly transfer out jawong2000’s winnings.  Yet that’s unlikely to be the -only- thing going on here.

The key complication is that jawong2000 subsequently admitted to having used the very same handle on Skype — “jawong2000” — as he used for his player ID on PokerStars… another huge no-no.  That’s why the Skype-based fraudster was able to locate him, and why jawong2000, even if he blunted the initial contact attempt, still needs to take more security steps.

Skype and other third-party chat services are not designed to provide totally anonymous communications, and users of these chat programs are able to identify the IP addresses of those other chat users with whom they communicate.  In the case of jawong2000, that’s a problem: The Russian “Eugene” scammer now has his IP address, which is online home, and has confirmed that the Skype user of “jawong2000” is the same person as the online poker player.

This takes us to the topic of DDOS attacks, an old bugaboo of online poker which has resurfaced over the past couple of years.  Since online poker’s and online gambling’s earliest days, gambling sites themselves have been targeted with these DDOS (Distributed Denial of Service Attacks), in which the sites are extorted via a temporary takedown of their connectivity.  The DDOS attack works by mobilizing a zombie army of infected computer (a botnet of sorts) into flooding the targeted site with virtual tons of bogus traffic.  The targeted site is often disrupted as a result.

Those attacks against the sites themselves continue, and be on the increase again after a lull of a few years.  However, a new twist has been added, reported by players themselves: DDOS attacks launched against the identified IP addresses of specific players, while involved in large cash-game pots or in sit-‘n-gos: The targeted player is knocked offline by the attack, the site’s software assumes a disconnection has occurred, and the pot is awarded to the other player, who in these cases is the one who’s launched the attack.

It’s a problem, and it’s why online poker players should never use chat services while playing.

In the case of jawong2000, he’s now ripe for abuse, and he needs to do two things immediately.  These things, of course, apply to all online players:

1) Change his IP address.  This may mean getting a new internet connection, or in the case of dynamically-assigned IP addresses from an Internet service provider, ensuring that one has received a new IP address by leaving and relogging into the host service (verifying a different IP address has been assigned);

2) Changing his Skype name, and making sure that his online-poker handles are unique to online poker.

It is likely that Stars staffers have already advised jawong2000 to do these things, of course, but it’s in the exposure of this that the rest of us can learn as well.  Online poker is only safe to play when it’s done with psuedo-anonymity, meaning only you and the site you play on know who you are.  Take the experience of jawong2000 to heart, and protect your online ID.

Up To $3,000 in Bonuses! Play Now
100% up to $3,000 Bonus

Bovada is our most recommended ONLINE CASINO and POKER ROOM for US players with excellent deposit options. Get your 100% signup bonus today.

Be the first to comment

Leave a Reply