For years we’ve had to worry about identity theft when shopping online, filling out job applications, and recycling our mail. But now criminals have even invaded that most American of pastimes: football. Or at least fantasy football.
An American Express study found that a whopping 74.7 million Americans plan to play fantasy football this year, and 71 percent expect to spend real money on their fantasy leagues—an average of $107 per player. The Fantasy Sports Trade Association offers a much higher estimate, suggesting the average fantasy player (across all sports) spends a whopping $556 per year on league-related costs.
For a multibillion-dollar industry, fantasy football is not heavily regulated, and specific identity theft statistics are tough to come by. A high-profile class action lawsuit was filed in federal court late last year that accused two popular fantasy sites—DraftKings and FanDuel—of negligence, fraud, and false advertising.
As cybercriminals are well aware, fantasy leagues ask players to share a whole lot of private data, from hometowns and dates of birth to credit card numbers. In fact, to better verify players’ identities, FanDuel asks some players to provide their Social Security number and birthday. If players win more than $600, they are also required to provide personal information for tax purposes.
The best ways to protect yourself when playing fantasy football, or any other fantasy sports, are not unlike the identity theft protections you should use when shopping, using social media, or engaging in other activities online.
First, don’t provide a lot of personal detail in your online profile, even if you’re just playing with friends—assume the information could be stolen. Providing personal data like SSNs to online sites is always risky, so you need to know when it’s necessary. Sometimes there’s no choice but to divulge your SSN, but other times you should avoid doing so—yes, even if that means switching to another fantasy site or avoiding online fantasy leagues entirely.
Second, follow these tips to set a strong password, preferably using a combination of numbers, symbols, and uppercase and lowercase letters. For fantasy football, this should be easy—maybe use the initials of your favorite player, followed by his uniform number and a dollar sign.
Third, be aware of where you’re logging on to check your fantasy standings. Avoid Wi-Fi at coffee shops and other public spaces, where it’s often easy for cybercriminals to break in. Either use a virtual private network (VPN) or log in at home over your private Wi-Fi, which you can secure.
And last but certainly not least: Don’t open emails unless you know and trust who sent them. Phishing emails and malware can do a lot of damage, so make sure you don’t click through links or open attachments in unsolicited emails that appear vaguely related to your fantasy league.