The headline of today’s Scam of the day is very precisely worded. FanDuel, the online sports gambling site, did not suffer a data breach; its customers did. A data breach at Mailchimp, an email marketing company that FanDuel uses to send out its newsletters, resulted in FanDuel’s customers having their names and email addresses stolen. While this information is not as directly harmful as a compromised Social Security number, it is still significant because it places FanDuel’s customers at an increased risk of spear phishing emails. This data breach is just another example of the fact that, regardless of how good you are at protecting your personal information, you are always at risk of having it compromised through third parties that hold it.

We are all familiar with the term “phishing,” which is when you receive an email from a scammer or identity thief posing as someone else to lure you into either clicking on malware-infected links or providing personal information. While phishing emails can be convincing, they are not nearly as convincing as a “spear phishing” email, which is a phishing email specifically tailored to you and your interests. Unlike ordinary phishing emails, spear phishing emails will contain your name and refer to a company with which you do business or some other topic that the scammer knows is of great interest to you.

With the NFL playoffs continuing and the Super Bowl not far off, there will certainly be increased interest in gambling on these games. Users of FanDuel should expect to receive spear phishing emails from identity thieves and scammers posing as FanDuel, and those emails may appear quite legitimate.


As always, you should never provide personal information or click on links in emails or text messages unless you have absolutely confirmed that the communication you received is legitimate. In light of the Mailchimp data breach, customers of FanDuel should be particularly skeptical of any emails they receive either asking for personal information or providing links. If you are a FanDuel customer and haven’t already done so, make sure you have a strong, unique password for your FanDuel account, and also set up dual factor authentication for further protection.
