Though UK police have made a couple of arrests for London Olympics scams, creative cyber-crooks don’t get scared that easily. Now, they’ve gone phishing.
Scammers continue to find inspiration for new London Olympics dirty tricks, this time via e-mail. Bitdefender Labs caught new phishing attempts that try to lure people into sending their personal information in exchange for a bogus award ranging from 500,000 to 1 million pounds.
One such e-mail comes with an attachment titled “Attn Beneficiary”, and the message body itself doesn’t contain a single word.
Allegedly from an Agent “Doctor” Richard, the attachment asks users to disclose and send data such as full name, age, permanent address, occupation, city, and country. This data is enough for scammers to steal users’ identities.
To make it more credible, scammers added a bar code and a lot of numbers to the letter. They didn’t, however, proofread it for Spamglish grammar mistakes. “We are happy to announce to you that Your email address as indicated was drawn and attached to ticket number 008795727498 with serial numbers BTD/9080648302/2012, and drew the lucky numbers 13-15-16-21-34-36-(8) which subsequently won you the total sum of £1,000,000GBP) ONE MILLION BRITISH POUNDS,” the phony message reads.
“The draws registered as Draw number TWO was conducted in (LONDON, UNITED KINGDOM) These Draws are commemorative as such special that you do not need to buy any ticket to enter the draws. It is online Process.”
The second fraud attempt Bitdefender Labs spotted is an image scam containing a less colorful letter allegedly coming from the London Olympics staff. This time, users have “won” a smaller prize (500,000 pounds) from a “Worldwide E-mail Balloting”. It also asks for personal details that, once collected, are commonly used for identity theft.
To give the scam an official air, both letters include links to legitimate London 2012 websites and what seems to be a UK phone number. However, anyone who calls will be surprised to hear the most bizarre “British” accent: the number relies on call forwarding, so the country of origin can be anywhere in the world but the UK.
“We are aware of cases where emails are sent falsely claiming to be from London 2012, or other organizations involved in the Games, but that are actually the first step in a fraud scam,” London 2012 representatives said.
“They typically encourage the recipient to reveal information such as bank details or to part with money as an up-front payment in order to release a prize. London 2012 will only ever use a secure website to collect personal or bank card details.”
Emails and letters informing recipients they have won an “Olympic lottery” they never entered are the most common scams. Another trick that has been making the rounds is telling users they can apply for a job at the Games for a fee.
UK authorities are also aware of more damaging e-threats. Cabinet Office Minister Francis Maude has warned that the London 2012 Olympics “will not be immune” to cyber attacks. In 2008, Beijing had to deal with 12 million cyber attacks, and one single criminal group stole more than $3.5 million selling bogus online tickets.
In June, UK police made four arrests for London Olympics online fraud as part of an investigation into the unauthorized sale of tickets. Detectives from Operation Podium cuffed three men (aged 33, 39 and 44) and a 46-year-old woman, but let them out on bail until early July.
This article is based on the technical information provided courtesy of Alin Damian, Bitdefender Online Threats Analyst, Daniel Ichim, Bitdefender Spam Researcher, and Ionut Raileanu, Bitdefender Spam Analyst.