The much-anticipated 2012 London Olympics is set to kick off this Friday.
As the event draws nearer, we expect to see online attacks that ride on Olympics-related activities. Sure enough, we saw this interesting Facebook wall post about the event:
The site, hosted on the domain liveolympictickets(dot)com, appears to offer tickets for sale. Moreover, the site uses the colors and look and feel of the official site:
Exploring the site, I found that clicking on the blue tab Olympic Tickets – Buy Tickets for the London 2012 Olympics leads to other pages within the site that mimic normal online transaction pages, such as details about the items to be purchased. In this case, if the user proceeds with the transaction, he/she can choose which games to watch:
However, towards the end, the user is asked for their personal details:
After this, the site asks the user to continue with the payment by entering credit card details or choosing another payment method:
The final page shows that the user’s order has been “confirmed.”
We checked the official website of the London Olympics, which lets users verify whether a ticket vendor is legitimate. The site was not recognized and is therefore not authorized to sell tickets. The rest of our investigation shows that it is indeed a phishing page set up to capture user information.
We also saw a lot of newly created domains related to this event that included keywords like “2012 london summer games,” “2012 olympic ticket,” “britain olympics 2012,” “olympic 2012 ticket” and other variations thereof.
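A defender watching a feed of newly registered domains can triage it for the keyword variations quoted above. The following is an added example, not code from the original post; the sample domains and the allowlist are constructed, and the allowlist is a hypothetical stand-in for the organisers' vendor check.

```python
import re

# Keyword phrases quoted in the post. Each is treated as an unordered token set,
# so reordered, hyphenated or run-together variants still match.
PHRASES = ["2012 london summer games", "2012 olympic ticket",
           "britain olympics 2012", "olympic 2012 ticket"]

# Assumption: hypothetical allowlist standing in for the organisers' vendor check.
AUTHORISED = {"tickets-olympic-2012.example"}

# Constructed sample of newly registered domains (not taken from the post).
SAMPLE_DOMAINS = ["WWW.Ticket-Olympic2012.example.", "britain2012olympics.example",
                  "london-summer-games-2012.example", "tickets-olympic-2012.example",
                  "gardening-tips.example"]


def normalise(domain):
    """Lower-case the name and drop a trailing dot and a leading 'www.'."""
    host = domain.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def matched_phrases(domain):
    """Return the post's phrases whose tokens all occur in the domain name."""
    # Simplification: only the last label is treated as the TLD.
    name = normalise(domain).rsplit(".", 1)[0]
    squashed = re.sub(r"[^a-z0-9]", "", name)
    return [p for p in PHRASES if all(tok in squashed for tok in p.split())]


def triage(domains):
    """Map each matching, non-allowlisted domain to the phrases it matched."""
    hits = {}
    for domain in domains:
        host = normalise(domain)
        found = matched_phrases(host)
        if found and host not in AUTHORISED:
            hits[host] = found
    return hits


if __name__ == "__main__":
    for host, phrases in triage(SAMPLE_DOMAINS).items():
        print(host, "->", phrases)
```

A hit is a lead for review rather than a verdict, since substring matching will also flag benign fan or news sites that use the same words.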
We already block all malicious URLs involved via the Web Reputation Service; therefore Trend Micro customers are now protected via Trend Micro Smart Protection Network.
For complete information on the latest Olympic-themed threats, including quizzes and safety guides, you can visit Race to Security, the Trend Micro security guide to major sporting events such as the Olympics.