Charity lottery warns of phishing scam after apparent hack

full-house-lottery-phishing-scam

full-house-lottery-phishing-scamA Canadian charity lottery is warning players to be on the lookout for bogus websites running phishing scams.

For nearly a quarter-century, Alberta’s Full House Lottery has been raising funds for the province’s medical needs, contributing over $70m toward things like MRI technology and advanced medical research. Full House is the province’s largest home lottery.

On Sunday, Full House Lottery posted a notice to its Facebook page warning players that a phishing operation was emailing people who’d previously purchased Full House Lottery tickets, inviting them to register for “early VIP tickets” at FHLottery.ca – not the Lottery’s official website FullHouse.ca – while requesting all sorts of personal information, including credit card data.

Full House Lottery warned that it had no association with the bogus website and it was not actually selling any early VIP tickets. Full House Lottery went on to say that it doesn’t “rent, sell or share our mailing list,” nor does it store players’ credit card details.

Of course, that doesn’t explain how the scammers got hold of the Full House Lottery player email addresses. Full House Lottery manager Frank Calder told Global News that his group still doesn’t know how or when the breach occurred, but it was likely that “someone hacked the email list that we have and probably a few thousand people were sent a fake email” from the phishers.

The FHLottery.ca website has since gone dark, and Calder said the authorities have been alerted to the scam. Calder insisted that the Lottery took its data security responsibilities seriously but “that’s the world we’re in right now … Hackers can break into the most sophisticated organizations in the world and we can’t expect that we’re immune from that.”

Calder can at least take solace in the fact that the phishers were just in it for the money, unlike the hackers that infiltrated the data networks of Ontario’s Casino Rama last year. Those digital thieves made off with over a decade’s worth of customer, employee and vendor data, which they then proceeded to post online, apparently as a means of embarrassing the casino, as no suggestion was made by either side that an extortion attempt had been made.