The Winning Poker Network has sent an email to its entire database warning players to be aware of fake phishing emails disguising malicious payloads.
Last night, dozens of players (possibly more) with accounts at Americas Cardroom, Black Chip Poker, Ya Poker and True Poker received emails purporting to be from the Winning Poker Network. The email advises players that their deposit has been successfully completed and invites them to click on a link to review the transaction.
The link does not lead to a transaction report, but instead hides a script contained within a .rar file that can download malware onto players´ computers. Due to the unusual nature of the email – it was a deposit confirmation supposedly sent by the network rather than a specific site – many players wisely got in touch with customer support to check its authenticity.
The Winning Poker Network´s customer support quickly confirmed the emails were fake and advised players to delete them. An email was subsequently sent to all players with accounts at sites on the Winning Poker Network warning players to be aware of the fake phishing emails and explaining how they can tell whether it is an authentic email or not.
Details of the Fake Phishing Email
The phishing email seen by PokerNewsReport.com was a novice attempt compared to some of the more sophisticated emails sent by cybercriminals. It contained typos, was addressed “Dear Friend”, and sent to players who had not necessarily made a recent deposit. However, it is likely that some players may have clicked on the link out of natural curiosity.
The email was allegedly sent from Kevin in the WPN Support Team and attempts at making it look genuine included having the firstname.lastname@example.org email address as its “from” address (an easy deception if you know how), including the WPN´s support telephone number in the email and a link to a WPN survey hosted on the surveymonkey.com web site.
Click on the screenshot below to see the full image of the WPN phishing email:
Players who inadvertently clicked on the “Deposit Details” link within the email should take the following actions:
- Disconnect the device on which you opened the email from the Internet, your WiFi service and the rest of your network.
- Unless you have a recently created restore point prior to when you opened the email, back up all your files onto a removable device.
- Run a full virus scan, ignoring any messages telling you that your anti-virus software cannot connect to the Internet.
The virus scan should pick up any malicious payload delivered by the email as it was not a very sophisticated phishing attempt. However, some malware can lay dormant for several days before activating, so it would be better not to use the device for the rest of the week and run another full virus scan on Saturday or Sunday. Alternatively, take the device to a security professional for a full check-up.
Please note that restoring your device to a previous restore point or deleting any virus found by a virus scan may not prevent you from becoming a victim of fraud. Certain types of malware record the keystrokes you enter when visiting online banking sites and social media sites – particularly usernames and passwords. To ensure your online security, it is recommended to change all your passwords and register with a credit bureau to have a free fraud alert placed on your credit and debit cards.
Advice about Phishing Emails from the Winning Poker Network
The email from the Winning Poker Network offers valuable advice about identifying fake phishing emails – not only those allegedly from the network, but from any source. It states that no email should ever ask you to divulge usernames and passwords, nor any other type of personal information. If the email comes from a source you do not recognise, never open files attached to it or click on a link.
WPN´s fast response to this event is indicative of the importance sites affiliated to the network place on player security. Although some US-facing affiliates will argue differently, just because an online poker site operates from an offshore location, it does not mean it is unsafe for players or that their funds are at risk. We believe the Winning Poker Network demonstrated its commitment to keep players safe from online threats in the most responsible way possible.