Super Bowl XLII attracted an estimated $16 billion in wagers, a survey published in February by The American Gaming Association (AGA) found.

Most bets are made through sports-betting apps, making bets easy and efficient.

The popularity of sports betting, along with the frequent transfer of money, makes it a prime target for malicious attacks, according to cybersecurity company HUMAN.

HUMAN’s Satori Threat Intelligence & Research shared Super Bowl findings related to cybersecurity in these apps. The most prevalent ways that bad actors attempted to profit off consumers were account takeover and account fraud attacks.

Fraudsters go where the money goes. They are only motivated by money and opportunity, per the report. Overall traffic began to increase during the last 180 days of the National Football League (NFL) season.

Traffic rose during the beginning of the playoffs in January — doubling at the start of the big game.

One tactic used by bad actors is to hide among the masses who flock in droves to sports-betting apps during major gambling events.

Traffic during the game on the site was split between bots and humans. The bots followed the authentic human traffic attempting to hide the motives, but during the game they had minimal dropoff.

The day of the game had the lowest account-takeover attempts, but malicious login attempts accounted for more than 20% of total login attempts — up from 12% in January.

The fraudsters were likely trying to gather large amounts of accounts prior to kickoff so they could sell them on the dark web before the start of the game, or so they could ensure that compromised accounts were integrated into their larger purchasing bot with enough time left to place wagers on those compromised accounts, according to the report.

The popularity of sports betting and the frequent transfer of money makes it a prime target for malicious attacks, cybersecurity company HUMAN says.