At a time when PointsBet is exploring options to leave the US and North American markets, a phishing attempt has been made. On 11th of May 2023, PointsBet USA, the division of the well-known Australia-based sports and gaming entertainment company, stated that its system email communications had been temporarily halted after a third-party provider sent emails involving cryptocurrency. The company admitted that the email contained communication that wasn’t official, and it urged its customers to delete the email, not click on any links within the message, or respond to it. PointsBet said that the temporary halt of email communication would be in effect until the matter was fully resolved with the third-party provider.
— PointsBet Sportsbook (@PointsBetUSA) May 11, 2023
Less than two hours after the initial statement was released, PointsBet identified the issue as a phishing attempt. The culprits sought to lure customers by offering different prizes, and in this case, cryptocurrency was involved. They promised to double the funds in customers’ crypto accounts in exchange for receiving crypto. PointsBet hinted at plans to exit the US and North America, but the company has not yet made a move in that direction.
Although PointsBet admitted that there was a phishing attempt, the company reiterated in its second statement that the email was the result of a third-party company. PointsBet apologized for any inconvenience and confirmed that the third-party provider did not have visibility of personal data. The company confirmed that there was no breach of core player account management or internal systems.
According to screenshots shared on social media by customers of the company, the email was sent from PointsBet’s own domain. The promise to double cryptocurrency was one of the first signs that the email was part of a phishing attempt. As with most such attacks, there may be grammatical errors or simple typos that can serve as a warning light for consumers. Despite the explanation and apology, some users on social media showed that they were not happy with the whole situation. They joked about sending millions in crypto to the scammers and asked to receive their crypto doubled as promised. Others criticized the claim that there was no personal information breach, considering that the phishing emails were sent from the company’s own domain.