Blog de Zscaler

Reciba en su bandeja de entrada las últimas actualizaciones del blog de Zscaler

Suscribirse
Security Research

London Olympics Email Scams (updates)

image
THREATLABZ
July 31, 2012 - 3 Min de lectura
In light of the popularity of the Olympics knowing that scammers will come out of the woodwork to take advantage of the event – we're continually monitoring for Olympic scams and maliciousness, no matter how unsophisticated. And so far, unsophisticated has been exactly what we have been seeing.

Here is an example of the standard sort of Olympics "lottery" pitch that we are seeing from the scammers over email:

Image
Scam attachment


Below are a few updates for what we are currently seeing today:


Received: from [216.172.135.113] by web5710.biz.mail.ne1.yahoo.com via HTTP
From: Lottery Draws Notice [[email protected]]
Reply-To: [email protected]
Subject: View The E-Mail Attachment And Contact Your Claim Agent
Body: KINDLY OPEN THE ATTACHED FILE
Attachment: 2012 London Olympics Lottery Draws Notice.doc
Scammer email to send data: [email protected]

--

Received: from [173.245.64.182] by web180804.mail.gq1.yahoo.com via HTTP
From: London Olympics 2012 [[email protected]]
Reply-To: London Olympics 2012 [[email protected]]
Subject: Read the Attached Letter
Body: Read the Attached Letter
Attachment: LONDON OLYMPICS LOTTERY.pdf
Scammer email to send data: [email protected]

--

Received: from [209.73.132.40] by web5717.biz.mail.ne1.yahoo.com via HTTP
From: LONDON 2012 OLYMPICS LOTTERY [[email protected]]
Reply-To: [email protected]
Subject: Congratulation
Body: INTERNATIONAL PROMOTIONS LONDON 2012 OLYMPICS LOTTERY
Attachment: LONDON 2012 OLYMPICS 1-1.doc
Scammer email to send data: [email protected]

--

Received: from smtpout.telepacific.net ([208.57.218.234])
From: "Very.co.uk"[[email protected]]
Subject: Account Bonus for Olympics 2012
Body: Dear Customer, Here is a notification that your account is due to be credited. Click on My Account below to accept this offer and also get a discount for the Olympics 2012.
Link: hxxp://contabilidadpymes.cl/images/login/en/index.html
This is a phishing page for very.co.uk online shopping site.

Image
Very.co.uk phish page using Olympics as a driver

--

Received: from [67.195.23.211] by web184804.mail.gq1.yahoo.com via HTTP
From: LONDON OLYMPICS 2012 INTERNET LOTTERY ANNIVERSARY [[email protected]]
Reply-To: LONDON OLYMPICS 2012 INTERNET LOTTERY ANNIVERSARY [[email protected]]
Subject: You have won from London Olympic 2012
Body: Open the attachment
Attachment: LONDON OLYMPICS 2012.doc
Scammer emails: [email protected], [email protected]

--

Received: from User ([217.16.182.244]) by redwood-mtg.com
From: "Mrs. Linda Joseph"[[email protected]]
Subject: London 2012 Olympics Lottery Winner
Return-Path: [email protected]
Body: basic scam email asking for victim banking info to be returned in order to claim winnings (summarized due to length)
Scammer email: [email protected]

--

In addition to these, I’ve seen reports of scams using image files (e.g., JPGs) to by-pass content inspection checks (a common practice among scammers/spammers) containing the same sort of instructions for victims to send their banking information in order to claim their winnings.

In addition to scams, we have seen everything from gambling sites, online shops, TV/streaming services, news / social media sites, and even a florist sending email promotions using the Olympics as a marketing driver.

I will make updates to this post with anything new that I see over email throughout the Olympics, additionally I will make a separate post on the web angle.
form submtited
Gracias por leer

¿Este post ha sido útil?

Reciba las últimas actualizaciones del blog de Zscaler en su bandeja de entrada

Al enviar el formulario, acepta nuestra política de privacidad.