Spam and phishing

The Rio Olympics: Scammers Already Competing

A few years ago, spammers and scammers were not as interested in the Olympics as they were in football (the World Cup and European Championships). The first major increase in the number of spam messages devoted to the Olympic Games occurred in the run-up to the Winter Olympics in Sochi in 2014. Since then, their interest in the Olympics has shown no sign of weakening and the upcoming event in Brazil is no exception.

Back in 2015, a year before the Olympics in Rio, we registered fake notifications of lottery wins allegedly organized by the country’s government and the International Olympic Committee. Similar emails continue to be sent in 2016. The vast majority of these messages contain a DOC or PDF attachment, while the body of the message includes only a brief text asking the recipient to open the attachment.

The Rio Olympics: Scammers Already Competing

The name of the DOC file, the name of the sender and the subject line of the email often mention the Olympic Games.

The Rio Olympics: Scammers Already Competing

The content of these attachments is fairly standard: a lottery was held by an official organization; the recipient’s address was randomly selected from a large number of email addresses, and to claim their winnings the recipient has to respond to the email and provide the necessary personal information.

We also came across emails without attachments; the text written by the scammers was included in the body of the message.

English is undoubtedly the most popular language used in fraudulent emails exploiting the Olympics theme, but we have also registered messages in other languages, for example Portuguese. In these the spammers stuck to the same story of a lottery win, trying to convince the recipient that the email is genuine.

The Rio Olympics: Scammers Already Competing

In addition to fraudulent spam, we have registered unsolicited advertising messages containing offers for various goods and services that, one way or another, use the Olympics to grab the attention of recipients.

For example, spammers have been pushing new TVs for watching sporting events.

The Rio Olympics: Scammers Already Competing

They also promised to make the recipient an “Olympic champion” with the help of magic pills.

The Rio Olympics: Scammers Already Competing

Taking any of these emails seriously enough to reply to them could well leave you out of pocket. But the biggest hit that sporting fans’ wallets are likely to take are from fake ticketing services. We are constantly blocking dozens of newly registered domains with names containing the words “rio”, “rio2016” and so on. Each of these domains hosted good quality imitations of official services offering tickets to sporting events at this summer’s games in Rio de Janeiro.

The Rio Olympics: Scammers Already Competing

The scammers register these domains to make their sites look more credible; for the same purpose, they often buy the cheapest and simplest SSL certificates. These certificates are registered within a few minutes, and certification authorities don’t verify the legal existence of the organization that has issued the certificate. The certificates simply provide data transfer over a secure protocol for the domain and, most importantly, gives fraudsters the desired “https” at the beginning of their address.

The Rio Olympics: Scammers Already Competing

If you examine the whois data for such domains, you will find that they have only been registered recently, for a short period of time (usually a year) and in the names of individuals. Moreover, the detailed information is often hidden, and the hosting provider could be located anywhere, from Latin America to Russia.

The Rio Olympics: Scammers Already Competing

The sites are necessary to implement a simple scam whereby the phishers ask for bank card information, allegedly to pay for tickets, and then use it to steal money from the victim’s bank account. In order to keep the buyer in the dark for some time, the scammers assure them that the payment has been received for the tickets and that they will be sent out two or three weeks before the event.

The Rio Olympics: Scammers Already Competing

As a result, the criminals not only steal the victim’s money but deprive them of the chance of attending the Olympics – by the time they realize they won’t be getting the tickets they booked it will be too late to buy genuine tickets… especially if there’s no money in their bank account.

According to our information, the creation of these fake sites usually involves international cybercriminal groups, each fulfilling its own part of the scam. One group creates a website, the second registers the domains, the third collects people’s personal information and sells it, and the fourth withdraws the cash.

To avoid falling victim to the scammers’ tricks, sports fans should be careful and only buy tickets from authorized reseller sites and ignore resources offering tickets at very low prices. The official website of the Olympic Games provides a list of official ticket sellers in your region and a service that allows you to check the legitimacy of sites selling tickets.

The Rio Olympics: Scammers Already Competing

Also, we strongly recommend not buying anything in stores advertised in spam mailings or advertising banners, whether it’s tickets or souvenirs related to the Olympics. At best, you’ll end up with non-certified goods of dubious quality, and at worst – you’ll just be wasting your money. For those who cannot resist impulse purchases, we recommend getting a separate bank card that is only used for online payments and which only ever has small sums of money on it. This will help to avoid serious losses if your banking information is stolen.

The Rio Olympics: Scammers Already Competing

Your email address will not be published. Required fields are marked *

 

Reports

How to catch a wild triangle

How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules.

Subscribe to our weekly e-mails

The hottest research right in your inbox