Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us

    Cybercriminals are using another major sports event to scam users into giving out personal information.

    We recently encountered a spam campaign that makes use of the “London 2012 Olympic Games” to give credence to their malicious scheme. The spammed messages have been crafted to make the recipients think they won a contest related to the said event.

    We analyzed two spam samples. The first sample has a .DOC file attachment that the users are asked to fill out. The file asks for personal information such as the recipient’s name, address, and mobile phone number, among others. Instead of asking them outright to provide this information in the message’s body, the scammers instead opted to attach the .DOC file most probably to bypass email filters.

    Click for larger view

    The second sample was more direct. The spammed message informed the recipients that they won a so-called “London 2012 Olympics Lottery,” supposedly sponsored by the National Lottery Board of the United Kingdom. However, before they can claim their prize, they first have to call a specific number, reply to the message (via email), and provide some personal information.

    Click for larger view

    This is not the first scam to leverage the “2012 London Olympic Games.” We have seen others take advantage of the fans of the said event as early as October 2008.

    Sports events are frequently used as social engineering lures for scams. In fact, right around this time last year, cybercriminals used the “2010 FIFA World Cup” to launch a very similar 419 scam. It informs the spam recipients that they won a lottery that was organized by the same people behind the said sports event.

    We’ve also seen a ticket scam in relation to the said event. In this campaign, the users are offered tickets to the said event so the cybercriminals can steal their online banking information.

    If the trend continues, the attacks we’ve seen so far are only the first of several others that will leverage the “2012 London Olympic Games.” Users are thus strongly advised to ignore similar email messages. Those looking for more information on the said event should opt to directly visit the event’s official website (http://www.london2012.com) instead of relying on search engine results, as we’ve also seen blackhat search engine (SEO) attacks use sporting events to lure users into downloading FAKEAV variants.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice