The Virginia Lottery recognizes National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month, and the Virginia Lottery is proud to be a 2022 National Cybersecurity Awareness Month Champion. At the Virginia Lottery, we take gaming seriously. That means we’re committed to the highest standards of security from physical security at our draw show to Scratchers and playing Lottery games online to securing your online account. 

Here are a few best practices that you can implement today to keep your Lottery account and personal devices secure.

Creating your Lottery account

You can now play your favorite Virginia Lottery games anywhere in Virginia by creating an online account. Creating a Virginia Lottery online account is easy and secure. Follow the steps below to open your account and start playing today.

• Every account is validated using state and/or federally issued identification. No one else can open an account with your name and information.
• Because the Lottery is an age-restricted product, all online accounts are age-verified using the last four digits of your Social Security number.
• Your online deposits and withdrawals are protected when you set up your online player wallet with your chosen payment/withdrawal method.

Another way to protect your account is to enable multifactor authentication (MFA) where applicable. Enabling MFA prompts a user to enter a second set of verification such as a secure code sent to a mobile device when logging in. It’s a simple but effective measure that anyone can use to drastically reduce the chances of a cybersecurity breach. In fact, Ping Identity notes that, according to Microsoft, MFA is 99.9 percent effective in preventing breaches. Beginning in November 2022, all Lottery account password resets and updates will require two-factor authentication to a mobile device.

Establish strong passwords

Having unique, long and complex passwords is one of the best ways to immediately boost your cybersecurity. Because the most secure passwords are long passwords, your Lottery password can be up to 16 characters. Consider using a nonpersonal phrase with both upper and lowercase letters for your Lottery account password, and don’t forget to update it regularly. A helpful tip is to set a reminder on your personal calendar to update your password at valottery.com and in the Virginia Lottery app every three to six months.

Activate automatic updates

Making sure devices are always up to date with the most recent software versions is essential to preventing cybersecurity issues. Cybersecurity is an ongoing effort, and updates are hugely important in helping to address vulnerabilities that have been uncovered as well as in providing ongoing maintenance. Therefore, instead of trying to remember to check for updates or closing out of update notifications, enable automatic update installations whenever possible for important apps such as your Virginia Lottery app, banking app, email app and your personal device in general.

Watch out for scams

Protect Your Play by staying alert for scams and phishing attempts. Phishing is when a cybercriminal pretends to be a legitimate person or entity in hopes of gaining access to an individual’s personal information. The most common types of phishing attempts use malicious content or links sent through email and text.

Spotting phishing messages is not always easy, and the criminals who use them are becoming more sophisticated. Phony email messages may ask you to reply directly or click on a link that takes you to a fraudulent website that appears legitimate. In either case, the fraudulent email or site will generally ask you to provide sensitive information.

Here are some tips for spotting phony emails and websites.

• False sense of urgency. An email that urgently requests you to provide, confirm, verify or authenticate your personal information likely is fraudulent. 
• Requests for security information. Fraudulent emails often claim that the bank has lost important security information that needs to be updated.
• Fake links and attachments. Phony emails often will contain a link or an attachment that may look valid but is not. To check where a link would take you, move your mouse over the link, and look for the URL in the bottom bar of the browser. If the URL looks suspicious, do not click the link. Do not open any attachment contained in a suspicious email (even an image or PDF).
• Typos and other errors. Fraudulent emails or websites may contain typographical or grammatical errors. The writing may also be awkward, stilted or inappropriate. The visual or design quality may be poor.

Reporting online fraud

Fraudulent emails and websites are designed to deceive you and can be difficult to distinguish from the real thing. Disguised as legitimate emails or sites and claiming to be from sources you trust, these messages and sites attempt to get you to provide personal and confidential information. You should be suspicious of any email that requests personal or account information. Should you receive such a message, assume it is a scam. Do not respond to the sender, and do not, under any circumstances, provide the requested information. You may report any suspected illegal online activity to the Virginia Attorney General's office at cybercrimeunit@oag.state.va.us

For more on the Lottery’s physical security measures, visit our Lottery security page.