With the 2012 Olympics officially closed, it’s worth looking back at the types of online scams we saw that tried to exploit the good name of the Olympics for illegal profit.
We saw two primary lures for Olympic scams: fake streaming sites, and tickets for sale. These two scams accounted for approximately two-thirds of Olympic-related malicious sites that were encountered in the months of July and August. Other scams encountered included fake mobile apps, illegal TV cards, fraudulent goods, and typosquatting sites.
Fake streaming sites
- The primary purpose of these fake live streaming sites was, supposedly, to offer discounts for satellite TV for PC scams. In general, the sites let users click on fake video players, but clicking on these links instead redirects them to the said scam via legitimate (but abused) URL shorteners like bit.ly. The scammers use this to generate web analytics for their sites. To promote these, events on Facebook are created that link to these scam sites.
- The events most targeted by streaming scams were: tennis, basketball, and athletics. The men’s and women’s tennis gold medal matches were particularly singled out for attention.
- Around two-thirds of the sites created for this purpose used generic keywords like London 2012 Olympics. 17% of the sites were tied in to one match/event, while 8.6% tied to the opening or closing ceremonies. The total number of fake streaming sites was over 300.
- Some of the most used keywords for fake live streaming sites were:
Key Word Percentage 2012 79% Olympics 67% live 63% London 46% stream 43% watch 23%
Bogus Ticketing Sites, Malicious Mobile Apps, Mal-Spam, Illegal TV Cards
- We already reported on the increase in fake ticket sites, but other scams were also encountered. Malicious mobile apps were also spotted like a fake London 2012 Official Game promoted Russian sites and London Olympics widgets that were hosted in Google Play as well as third party stores.
- The most notable email threat was a spam message that falsely alleged US gymnast Gabby Douglas had tested positive for banned substances. A link using the file name london.html led to a Trojan that pretended to be an Adobe Flash Player installer.
- Sites selling illegal TV cards aimed at Japanese users for “free” Olympic viewing were also found.
- An email promoting a so-called “Tibetan Olympics” was also spotted. The email contained a malicious attachment, which dropped an info-stealing malware.
The chart below shows the distribution of Olympic-related URLs based on their category:
(Note: Figures may not add up to 100% due to rounding off.)
For a complete list of threats related to the Olympics, you may visit the Race to Security hub: