What are Bots Costing Gaming and Betting Companies?
Published: 24/08/2021

What are Bots Costing Gaming and Betting Companies?

  • Alex McConnell, Cybersecurity Content Specialist

3 minutes read

It’s clear that those in the gaming and betting industry are keenly aware of the financial harm betting bots can do. In fact, around 65% of gaming and betting websites and 78% of gaming and betting mobile apps were attacked by automated betting bots between 2020 and 2021. What are the long-term effects of these attacks on the industry as a whole?

What are the top bot threats to gaming and betting businesses?

Web scraping and arbitrage betting

Web scraper bots are one of the most commonly reported threats to gaming and betting sites, with 36% of the businesses we surveyed listing web scraping in the gambling industry as an issue. Arb betting is a controversial tactic that takes advantage of unbalanced odds across bookmakers and betting exchanges, guaranteeing profit on specific bets no matter the outcome. The cost of serving the requests made by scraper bots is significant, accounting for the bulk of all traffic on bookmaker sites at peak times.

As user accounts on gaming and betting sites and online casinos often contain financial details and balances, they are a prime target for account takeover attacks. In fact, 46% of the businesses we surveyed within the industry had seen account takeover attacks launched on their website.

User accounts are often stolen via phishing attacks, data dumps or bought from sites like the Genesis Market. Even if an account for another website or service entirely is compromised, bot operators take advantage of the fact the same passwords are routinely reused across accounts. Criminals use credential stuffing bots to verify the validity of login details, or to launch “brute force” attacks if login details are incomplete.

Repatriating accounts and returning lost assets is costly for gaming and betting businesses, despite often being out of their control. It is usually in part the fault of the customers themselves for poor password hygiene, or another business that had their users’ account details leaked.

Fake account creation and bonus abuse

Many gaming and betting sites offer signup bonuses or credits to new customers to encourage them to use their site over that over a competitor. While this is a great way to attract new customers, many threat actors use bots to take advantage of this system by creating multiple fake accounts, or hacking into the accounts of new customers, to maximize the signup bonuses available.

It has been found that approximately 20% of new registrations to gaming and betting sites were created by previously active users. While it is difficult to estimate the cost of bonus abuse without visibility of bot traffic, some estimates suggest it is about 15% of total revenue.

A significant impact on gaming and betting websites

While these attacks are very costly to bookmakers, the first step in minimizing their impact is to recognize they are happening and put a plan in place to stop them.

Unfortunately, most businesses surveyed reported that, in most cases, it took two to three months to realize there had been an attack. In this case, a real-time detection and mitigation solution is needed.

Netacea’s next-generation bot management solution

At Netacea, we don’t just ask, “Is this a bot?” Instead, we ask, “What is this user’s intent?” By monitoring web log data on the server side, we gain a full picture of website, mobile and API traffic and use advanced AI and machine learning to analyze this in real time. This allows us to mark out malicious bots and block their access, dramatically cutting down infrastructure costs and the risk of attacks being carried out by bad actors.

Schedule Your Demo

Tired of your website being exploited by malicious malware and bots?

We can help

Subscribe and stay updated

Insightful articles, data-driven research, and more cyber security focussed content to your inbox every week.


By registering, you confirm that you agree to Netacea's privacy policy.