From phishing to porn star impersonators: how scamming athletes became a billion-dollar industry | Sport
WWith sky-high prices for tickets, travel and hotels leaving fans desperate to find an affordable way to attend this summer’s World Cup, it’s no surprise that security companies and law enforcement are warning that fans are at significant risk of being victims of fraud.
While major tournaments are times of heightened vulnerability for fans, throughout the year players themselves are increasingly attractive targets for cybercriminals who can use AI to mount ever more sophisticated attacks.
“As the sports industry reaches record revenue levels, the financial incentives to steal from athletes and make illicit profits have never been higher,” according to a recent report from consulting firm EY. “The playbook of fraudsters and organized crime becomes more and more complex every year, and the risks multiply at all levels of the sport. »
The classic way for rich athletes to become poor was to entrust their financial affairs to their agent or another member of their entourage. These advisors then made foolish or fraudulent decisions that went unnoticed until it was too late.
A recent example of such a breach of trust is that of Ippei Mizuhara, former interpreter and de facto manager of Japanese baseball superstar Shohei Ohtani. In 2025, Mizuhara was sentenced to 57 months in federal prison for stealing approximately $17 million from one of Ohtani’s bank accounts to pay off his gambling debts.
Darryl Cohen, a former investment advisor, was convicted in New York in March of this year of defrauding three NBA players – Chandler Parsons, Courtney Lee and Jrue Holiday – out of more than $5 million between approximately 2017 and 2020. prosecutors called it a “state-of-the-art gym” located in the backyard of Cohen’s home.
The current digital landscape generates new dangers. “Today’s athletes face a growing array of threats as the perpetrators continually devise new ways to exploit their trust and relationships,” the EY report said. “These risks include not only traditional fraudulent schemes – such as rigged poker tournaments, extortion, embezzlement, identity theft and revenue diversion – but also new forms of malfeasance, such as sports betting fraud and unauthorized use of NIL. [Name, Image and Likeness rights].”
Social media, which has long been a tool for players to share their personal lives and better communicate with their fans, has transformed into a security risk: for example, an athlete may share photos from their vacation, allowing potential burglars to know when to break into their house.
Media attention, easy access to biographical information, and weak privacy protections in the United States mean that anyone can quickly find a wealth of personal information about almost any American college or professional athlete: photographs, date and place of birth, height, weight, where they attended school and college, their hobbies, income, and family history. Even phone numbers, home and email addresses, and social security numbers, which are often acquired through massive data breaches. In 2024, it was reported that sensitive documents were leaked in the hack of a single American company.
According to Dr. Chris Pierson, founder and CEO of BlackCloak, a cybersecurity company that provides protection for businesses and individuals, including sports stars, this is a virtual open target for criminals who use AI to create deepfakes (realistic audio, video and images).
“What happens once everyone is on the field? The first thing they do is go down to the locker room, they do the interviews and everything else, you have really high quality audio, you have great 4K video. You can go and do a spoofing attack, you can do a deepfake over the phone, you can call mom and dad,” he says.
College athletes have been allowed to monetize their NIL rights since 2021, creating a financial incentive to share their personal lives. “Their name, their image, everything else is available – and of course you want that to be the case… these people need to have social media profiles,” adds Pierson. “As a result, you know what they’re thinking. It increases that attack surface – as a result, you’re a better target.” Impersonations of beloved sports stars can be used to manipulate fans into transferring money to fraudsters – or to victimize the players themselves.
A team may only have about 20 senior players, but that translates to perhaps 500 potential targets, Pierson says, because cybercriminals often target friends, associates and family members, even their children. “We have quite a few stories of ‘compromising the kids, compromising the adults.’ Once you have the kids, you have a footprint inside the house,” Pierson says.
BlackCloak cites a case study of an anonymous professional basketball player who was the subject of a cyber-attack by criminals who targeted him through his children. “The cybercriminals, aware of the basketball player’s prestigious status and potential wealth, carefully planned their attack. They embedded malware in popular online games, knowing that his children frequently played these games on devices connected to the home network,” the company wrote.
“The malware was designed to be undetectable and operated in the background. Once the children downloaded updates to the infected game, the malware activated, creating a backdoor into the home network. This breach allowed the cybercriminals to access various network-connected devices, including the basketball player’s personal laptop and smartphone.”
Sport is a particularly tempting sector for cybercriminals, according to research published by the UK’s National Cyber Security Center in 2020. It found that at least 70% of UK sports organizations surveyed had suffered at least one cybersecurity breach or incident. This is more than twice the rate at which UK businesses in general have been targeted. Clubs often hold detailed personal data on players and supporters. The NBA’s Houston Rockets were the target of a ransomware attack in 2021, and the NFL’s San Francisco 49ers were hit the following year.
Many actors earn at least as much as senior executives in conventional industries. However, larger companies likely have dedicated digital security teams and rigorous cybersecurity protocols. This is not the case for athletes, where the public nature of the profession means that the emphasis is placed on physical protection: bodyguards. But gamers are often young and inexperienced, bored or distracted during travel and downtime, and glued to cell phones. The small screen can make it more difficult to detect phishing scams compared to a laptop or desktop environment.
Pierson cites another case of a client, an NFL player, who had professionally installed home security cameras, but without adequate password or firewall protection, so the system was vulnerable to hacking. This would have allowed criminals to access cameras and recordings and view footage from inside and outside the home. Athletes are frequent targets for tech-savvy burglary gangs who, like anyone with a computer, can learn match times in seconds and discover exactly when the player will be away from home. England striker Raheem Sterling returned from Qatar and missed a 2022 World Cup match after armed intruders broke into his property near London.
The FBI Internet Crime Complaint Center (IC3) said in its latest annual report that Americans reported more than $20 billion in cybercrime-related losses last year, a 26% increase from 2024. The EY report identified nearly $1 billion in alleged losses suffered by professional athletes between 2004 and 2024, with the rate accelerating in recent years. This figure, taken from public court proceedings, is likely a considerable underestimate of the true amount given the likelihood that many programs will never be made public.
The NFL Players Association provides players with access to third-party assistance to help them resolve cybercrime issues such as identity theft. In March, he informed his agents that anonymous NFL and NBA players had been targeted in an extraordinary phishing scheme allegedly perpetrated by an American posing as an adult film star.
The defendant, Kwamaine Jerell Ford, was convicted of computer fraud and aggravated identity theft in Georgia in 2019 for hacking more than 100 Apple accounts belonging to collegiate and professional athletes and rappers, according to federal prosecutors. Yet early the next year – and while in federal custody – he allegedly ensnared several athletes in another phishing scam that turned into a sex trafficking scheme.
Prosecutors say Ford posed as adult film star Teanna Trump and offered to send sexually explicit videos to athletes, then posed as an Apple customer service representative to trick his targets into sending him their login credentials in order to watch the videos. Once in control of the accounts, Ford reportedly went on a spending spree. Prosecutors further allege that in 2021, “Ford allegedly posed as the adult film star and recruited, deceived and coerced a female victim into engaging in commercial sex acts with professional athletes based on false promises that the film star would advance the victim’s modeling career.” » Ford denied charges of fraud, identity theft and sex trafficking and was ordered in March to be held without bail while awaiting trial.
From BlackCloak’s experience, Pierson says, “The targeting of high-profile and wealthy individuals is reaching an unprecedented level. The damage done there continues to increase, particularly from a financial perspective. AI has only accelerated the pace of this phenomenon and increased the sophistication of threat actors.”
