The financial stakes in professional sports have never been higher, and neither have the dangers facing the people who play them. As athletes command record earnings and endorsement deals, they have become irresistible marks for a sprawling criminal enterprise that operates across multiple fronts: from trusted advisers stealing millions to AI-powered deepfake scams to sex trafficking schemes disguised as offers from porn stars.
The old playbook for fleecing wealthy athletes was straightforward. An agent or manager would betray their trust, making fraudulent decisions in the shadows until the damage was irreversible. That model still thrives. In 2025, Shohei Ohtani's interpreter and de facto manager Ippei Mizuhara was sentenced to 57 months in federal prison for stealing roughly $17 million from the baseball superstar's bank account to cover gambling debts. The previous year, New York convicted investment adviser Darryl Cohen of defrauding three NBA players, Chandler Parsons, Courtney Lee, and Jrue Holiday, of more than $5 million. Cohen's schemes included pressuring them to buy wildly overpriced life insurance policies and orchestrating unauthorized transfers that prosecutors say went toward constructing a luxury gym in his backyard.
But the digital age has opened far more dangerous and creative avenues of attack. Researchers at the consultancy firm EY documented nearly $1 billion in alleged losses suffered by professional athletes from 2004 to 2024, with the pace accelerating sharply in recent years. That figure, culled from public court records, almost certainly understates the true toll since many victims never come forward.
Athletes today face what EY calls an "expanding array of threats." Beyond traditional schemes like extortion and embezzlement sits a newer arsenal: sports betting fraud, unauthorized exploitation of their Name, Image and Likeness rights, and deepfakes manufactured using artificial intelligence. Social media, which athletes use to build their brands and connect with fans, has become a liability. A holiday photo reveals when a home sits empty. A birthday announcement provides a data point for social engineering.
The biographical information readily available on collegiate and professional athletes is staggering in its detail and comprehensiveness. Names, birthdates, places of birth, phone numbers, home addresses, email addresses, social security numbers, educational histories, family backgrounds, hobbies, and income estimates are all accessible through public records, data breaches, or simple internet searches. Criminal organizations have used this trove to construct convincing impersonation attacks.
In March, the NFL Players Association warned teams of a phishing scheme in which an unnamed American man posing as adult film star Teanna Trump targeted multiple NFL and NBA players. The con operated in layers: first, he offered sexually explicit videos; next, he impersonated an Apple customer support representative to trick players into surrendering their login credentials; finally, with access to their accounts, he embarked on unauthorized spending sprees. Prosecutors allege that Kwamaine Jerell Ford, the accused perpetrator, later expanded the scheme into sex trafficking.
Ford was convicted in 2019 of hacking into more than 100 Apple accounts belonging to athletes and rappers. Yet while in federal custody, he allegedly orchestrated the phishing scam. In 2021, prosecutors say he posed as the adult film star and recruited a woman into commercial sex acts with professional athletes by falsely promising to advance her modeling career. Ford was ordered held without bail pending trial after denying all charges.
What makes athletes particularly vulnerable is the collision between their public visibility and their lack of professional cybersecurity infrastructure. A senior executive at a Fortune 500 company typically works within a corporate ecosystem fortified by dedicated security teams and rigorous protocols. An athlete, by contrast, is young, often inexperienced with digital threats, and frequently distracted during travel. Their job demands public exposure, so physical security dominates the conversation: bodyguards, not firewalls.
Dr. Chris Pierson, founder and CEO of BlackCloak, a cybersecurity firm that protects high-net-worth individuals including sports stars, described how attackers have adapted. "What happens after everyone's on the pitch? First thing they do is go down to the locker room, they give the interviews and all the rest, you have great high quality audio, you have great 4K video," he said. "You can go and do an impersonation attack, you can do a deepfake over the phone, you can call mom and dad."
Since college athletes gained the right to monetize their NIL in 2021, the financial incentive to maintain visible social media presences has intensified. That visibility creates what Pierson calls an expanded "attack surface." A single athlete becomes dozens of targets when criminals factor in family members, friends, and associates. One professional basketball player was compromised when hackers embedded malware in popular online games, knowing his children played them. The infected game updates created a backdoor into the family's home network, giving criminals access to devices throughout the house, including the player's personal laptop and smartphone.
In another case, an NFL player had home security cameras installed without adequate password protection or firewall security. Had the system been breached, criminals would have gained access to footage from inside and outside the residence, allowing them to monitor when the player was away and plan burglaries accordingly. Such targeting is not theoretical. England forward Raheem Sterling returned from Qatar during the 2022 World Cup after armed intruders broke into his home near London.
The scope of cybercrime losses extends far beyond athletes. The FBI's Internet Crime Complaint Center reported that Americans lost more than $20 billion to cybercrime last year, a 26 percent jump from the previous year. Sports, however, faces disproportionate targeting. Research by the UK National Cyber Security Centre found that at least 70 percent of surveyed British sports organizations had suffered at least one cyber breach or incident, more than double the rate for general UK businesses. The NBA's Houston Rockets fell victim to a ransomware attack in 2021. The NFL's San Francisco 49ers were hit the following year.
As artificial intelligence tools proliferate, the sophistication of these attacks continues to climb. Deepfakes have become nearly indistinguishable from authentic audio and video, making voice impersonation calls far more convincing. The combination of readily available personal data, ubiquitous social media presence, and newly accessible AI tools has created what security experts describe as a perfect storm for criminals targeting athletes.
Author James Rodriguez: "The sports world is learning an expensive lesson: fame and wealth make you a target, and Instagram followers are not a substitute for actual cybersecurity."
Comments