The first spam emails were mentioning the Olympic Games in Rio de Janeiro in early 2015, a year before the event, says an IT security product company. The majority of spam emails are in English, but some are also in Portuguese because of the location of this year’s Olympic Games. According to Kaspersky Lab research, international fraudster gangs are also behind the creation of fake ticketing services for the Olympic Games.
Major events attract spammer attention because they are a good opportunity to earn money from the credulous. However, it is only recently that Kaspersky Lab detected spam emails dedicated to the upcoming Olympic Games in Rio de Janeiro. The most frequent topic of these emails is fake lottery wins for the ticket lottery organised by the International Olympic Committee and the Brazilian Government. Spammers are attempting to convince victims that their email address has been chosen randomly from a large list. To receive their prize, the victim must reply to the email and provide personal information.
Spam emails are not the only threat faced by users. Ticketing services are also appearing for the Rio de Janeiro 2016 Olympic Games and these are the most dangerous threat. The Lab says that it constantly detects and blocks counterfeit domains with «rio» and «rio2016» in the title.
Malicious web pages discovered have been very well made. Fraudsters often buy the cheapest and simplest SLL certificates, which allow secure connections between a web server and a browser and provide “https” at the beginning of the address bar. This makes it harder for users to distinguish fake pages from the official Olympic ticketing services. The business model used by fraudsters is fairly simple, according to the IT security company. On phishing websites users have been asked to provide personal information – including bank account details — to pay for the fake Olympic Games tickets. After extracting this information, criminals use it to steal money from victims’ bank accounts. To sound even more convincing, fraudsters are informing their victims that they will receive their tickets two or three weeks before the actual event.
David Mole, Head of Retail, UK at Kaspersky Lab, says: “According to our recent Spam and Phishing Q1 report, the first quarter of 2016 saw a considerable increase in the share of unwanted correspondence. With this in mind, it’s no surprise that cybercriminals are using the Olympic Games as a ploy to extort money and personal information from unsuspecting recipients. What’s more, beyond phishing emails, cybercriminals are creating fake sites, disguised as legitimate ones. The creation of these sites is normally carried out by gangs, which split individual tasks among each other. For example, one group may be responsible for setting up the fake website’s domain, and the other may be responsible for creating the actual website. We recommend that fans everywhere be very cautious when purchasing tickets or souvenirs. Users need to make sure that they are only trusting authorised resellers, despite how appealing the low prices may be from alternate resources.”
