London 2012 Olympics Scams Spotted
Cybercriminals are using another major sports event to scam users into giving out personal information.
We recently encountered a spam campaign that makes use of the “London 2012 Olympic Games” to give credence to their malicious scheme. The spammed messages have been crafted to make the recipients think they won a contest related to the said event.
We analyzed two spam samples. The first sample has a .DOC file attachment that the users are asked to fill out. The file asks for personal information such as the recipient’s name, address, and mobile phone number, among others. Instead of asking them outright to provide this information in the message’s body, the scammers instead opted to attach the .DOC file most probably to bypass email filters.
 |
The second sample was more direct. The spammed message informed the recipients that they won a so-called ”London 2012 Olympics Lottery,” supposedly sponsored by the National Lottery Board of the United Kingdom. However, before they can claim their prize, they first have to call a specific number, reply to the message (via email), and provide some personal information.
 |
This is not the first scam to leverage the “2012 London Olympic Games.” We have seen others take advantage of the fans of the said event as early as October 2008.
Sports events are frequently used as social engineering lures for scams. In fact, right around this time last year, cybercriminals used the “2010 FIFA World Cup” to launch a very similar 419 scam. It informs the spam recipients that they won a lottery that was organized by the same people behind the said sports event.
We’ve also seen a ticket scam in relation to the said event. In this campaign, the users are offered tickets to the said event so the cybercriminals can steal their online banking information.
If the trend continues, the attacks we’ve seen so far are only the first of several others that will leverage the “2012 London Olympic Games.” Users are thus strongly advised to ignore similar email messages. Those looking for more information on the said event should opt to directly visit the event’s official website (http://www.london2012.com) instead of relying on search engine results, as we’ve also seen blackhat search engine (SEO) attacks use sporting events to lure users into downloading FAKEAV variants.
Post from: TrendLabs | Malware Blog – by Trend Micro
London 2012 Olympics Scams Spotted
Spotlight
Cloud Computing
- US makes large investment in cyber weaponry
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- Cloud security group develops third-party certification program
- US makes large investment in cyber weaponry
- SEC may ask for more information after cyberattacks
- FBI trying to train financial execs on cyber threats
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet