Spammers are abusing affiliate programs to promote online casinos, such as Raging Bull Casino, Sports and Casino, Ducky Luck, and Royal Ace Casino, with misleading emails.
Many of the larger online casinos utilize an affiliate program that allows other websites or influencers to promote their products and earn a commission for anyone who signs up for an account.
To refer users, the affiliates will create specially crafted URLs that contain an affiliates ID or drops a cookie that allows the casino to give them credit when a referral registers a new account.
This week, BleepingComputer was told about an online spam campaign conducted by affiliates of online casinos that are bombarding users with misleading emails stating they won the ‘Grand Prize,’ that a large cash payout is ready, or that the recipient needs to confirm their account.
After being told about the campaign, we took a look at the spam folder for one of our emails accounts and saw that we too are heavily targeted with this spam campaign, as shown below.
While Gmail has done an excellent job marking these types of emails as spam, other free email services may not do as good of a job, and the spam could make it into the general mailbox.
For example, below are two affiliate spam emails for Raging Bull Casino and Royal Ace Casino. You can see that they promise a payout of $3,500 or a betting strategy will be shared after confirming their online account.
When clicking on the links, the user is redirected through another site that drops an affiliate cookie and then redirects them to the casino.
As you can see below, the redirection to Raging Bull Casino includes the affiliate ID (affid) in the URL so that the affiliate can get credit for the signup.
As you can imagine, when you sign up for the account expecting a nice payout waiting for you, there is no payout waiting for you. Instead, the only one making money is the affiliate who sent you the email.
BleepingComputer has reached out to the online casinos listed in the article and their affiliate managers, if available, but did not receive a response.
If you receive these types of emails, simply mark them as spam so that your email provider’s spam filters will be trained to recognize them in the future.