article featured image


Spammers, threat actors who send irrelevant or unsolicited messages over the internet to large numbers of users to spread malware, strike again! This time, they are exploiting affiliate programs to advertise online casinos such as Ducky Luck, Raging Bull Casino, Sports and Casino, using deceptive emails.

Multiple important online casinos use an affiliate program that enables other sites or influencers to advertise their merchandise and receive payment for everyone who registers an account.

To transfer users, the affiliates will design specially crafted URLs that include an affiliates ID or release a cookie that enables the casino to give them credit every time a referral signs up for a new account.

According to BleepingComputer, an online spam operation organized by affiliates of online casinos is flooding users with bogus emails announcing they won the ‘Grand Prize,’ that a large cash payout is ready, or that the recipient needs to confirm their account.

A constant stream of online casino spam


Even if the free email service provided by Google Gmail did a great job marking these types of emails as spam, there is a possibility that other email services may not perform as well, allowing the spam to make it into the general mailbox.

Below you can see a spam email for Raging Bull Casino where they promise a $3,500 reward.

Spam email from Raging Bull Casino affiliates


When clicking on the links, the user is redirected via another website that releases an affiliate cookie and then redirects them to the casino.

For instance, the redirection to Raging Bull Casino includes the affiliate ID (affid) in the URL so that the affiliate can get credit for the signup.

Online Casino site with affiliate ID in the URL


After you sign up for the account and happily wait for the payout they have promised, you’ll probably be surprised to find out there is no money waiting for you. The affiliate who sent you the email is the only one who’s making money in this case.

Email bombing is a form of cyberattack seen in many unrequested emails sent to your address. It can have negative outcomes for organizations by weakening their communications, but the impact is also problematic for individuals.

When receiving these types of emails, just mark them as spam so that your email provider’s spam filters will be able to recognize them next time.

Our Heimdal™ Email Security and Heimdal™ Email Fraud Prevention work in tandem with the Office 365 suite to increase protection in Outlook. By their powers combined, they form our Advanced Email Security module, which protects your enterprise against a variety of email-based threats, including spam, malware, phishing, DNS high jacking, CEO fraud, and other forms of BEC.

Heimdal Official Logo
Email is the most common attack vector used as an entry point into an organization’s systems.

Heimdal® Email Security

Is the next-level email protection solution which secures all your incoming and outgoing comunications.
  • Completely secure your infrastructure against email-delivered threats;
  • Deep content scanning for malicious attachments and links;
  • Block Phishing and man-in-the-email attacks;
  • Complete email-based reporting for compliance & auditing requirements;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.
Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

Leave a Reply

Your email address will not be published. Required fields are marked *