Olympics Scammers Get Gold Medals for Creativity
Scammers are trying to capitalize on the London 2012 Olympics.
CREDIT: International Olympic Committee
Every four years, the world's most talented and skilled come together for a two-week competition in pursuit of gold and glory.
Those competitors aren't participating in the Summer Olympics. Rather, they're the digital criminals, identity thieves and sleazy online operators who gather to feast on the smorgasbord of Internet interest that the Olympic Games offers.
Olympics-related scams first began to appear this spring with bogus ticket offers, and really got into gear in late May as a fake competition schedule installed malware on the computers of those who tried to view it.
But now that the games are under way, emails promising exclusive Olympics video clips have been found leading to malware. The "London 2012 Olympics lottery team" has been promising riches to people worldwide. Britons have received scam emails offering tickets to Olympic events, even those that don't sell tickets.
Just this past Friday, security company Zscaler said a full 80 percent of the Olympics-themed websites it had examined were scams of one form or another, ranging from ad-filled typosquats such as "cnbcolympics.com" or "wwwnbcolympics.com" to sites offering ways to stream the TV feed for a small fee.
The situation is so bad that the official London 2012 website has a page devoted to helping fans avoid Olympic-themed scams. The page links to a running list of Olympic-themed scams that's already reached 11 pages.
"If you are contacted by someone claiming to be from London 2012 saying they are authorized by or connected to London 2012, or saying they can help you gain some connection with the Games, please take steps to ensure they are legitimate, particularly if they are asking you to pay them any money," says the official London 2012 site.
Some of the scams are pretty entertaining. For example, there's one that claims that "the sailing facilities at Weymouth and Portland for the London 2012 Olympic and Paralympic sailing events" came in under budget, and that "there is a remaining £14,500,000 [$22,600,000] of benefit available."
"The email therefore asks the recipient to present its business as the second foreign contractor to enable the transfer of the remaining (£14,500,000) into his or her account."
More lotteries than actual people
Another email "informs the recipient they have won £1 million via a random World Wide Web computerised draw system," the page states. "The recipient is asked to provide personal information, winning references, and a proof of identification or passport document."
There's malware too. An "email made to look like a London 2012 press release" harbors a secret — "if a recipient clicks on it and they don't have Internet protection software running on their PC, the email will try to download a Trojan horse keylogger."
And email isn't the only method of communication. The "'London 2012 Lotto' SMS" sends a text message confirming "that the recipient has won £300,000 [$468,500] in the London 2012 Lotto Draw. They are asked to call 02033183174, quoting the reference 9897721 to claim a prize."
Another one sends a physical letter "to non-United Kingdom residents" and "informs the recipient that they have won £950,000 [$1,484,000] due to their mobile phone number being randomly drawn." Of course, to claim the money, they have to email personally identifiable information such as their "mobile number, full name, full address (not P.O. box), Phone/Fax, Sex, Age, Occupation and Nationality."
At the end of almost every listing, the London 2012 organizers add a warning: "This is a scam. Do not provide any of your personal details or pay any money to the people who sent this."
Many of the scam emails have to do with one form of bogus lottery or another. To the alert reader, such enticements are so obviously fraudulent that it's amazing that anyone would ever fall for them. But as a Microsoft researcher recently pointed out, perhaps they work precisely because they're so dumb.