Cybercriminals are using another major sports event to scam users into giving out personal information.
We recently encountered a spam campaign that makes use of the “London 2012 Olympic Games” to give credence to their malicious scheme. The spammed messages have been crafted to make the recipients think they won a contest related to the said event.
We analyzed two spam samples. The first sample has a .DOC file attachment that the users are asked to fill out. The file asks for personal information such as the recipient’s name, address, and mobile phone number, among others. Instead of asking them outright to provide this information in the message’s body, the scammers instead opted to attach the .DOC file most probably to bypass email filters.
The second sample was more direct. The spammed message informed the recipients that they won a so-called “London 2012 Olympics Lottery,” supposedly sponsored by the National Lottery Board of the United Kingdom. However, before they can claim their prize, they first have to call a specific number, reply to the message (via email), and provide some personal information.
This is not the first scam to leverage the “2012 London Olympic Games.” We have seen others take advantage of the fans of the said event as early as October 2008.
Sports events are frequently used as social engineering lures for scams. In fact, right around this time last year, cybercriminals used the “2010 FIFA World Cup” to launch a very similar 419 scam. It informs the spam recipients that they won a lottery that was organized by the same people behind the said sports event.
We’ve also seen a ticket scam in relation to the said event. In this campaign, the users are offered tickets to the said event so the cybercriminals can steal their online banking information.
If the trend continues, the attacks we’ve seen so far are only the first of several others that will leverage the “2012 London Olympic Games.” Users are thus strongly advised to ignore similar email messages. Those looking for more information on the said event should opt to directly visit the event’s official website (http://www.london2012.com) instead of relying on search engine results, as we’ve also seen blackhat search engine (SEO) attacks use sporting events to lure users into downloading FAKEAV variants.