By: ThreatLabz

London Olympics Email Scams (updates)

Uncategorised

In light of the popularity of the Olympics knowing that scammers will come out of the woodwork to take advantage of the event – we're continually monitoring for Olympic scams and maliciousness, no matter how unsophisticated. And so far, unsophisticated has been exactly what we have been seeing.

Here is an example of the standard sort of Olympics "lottery" pitch that we are seeing from the scammers over email:

Scam attachment


Below are a few updates for what we are currently seeing today:


Received: from [216.172.135.113] by web5710.biz.mail.ne1.yahoo.com via HTTP
From: Lottery Draws Notice [websjod@gmail.com]
Reply-To: internetaward166@gmail.com
Subject: View The E-Mail Attachment And Contact Your Claim Agent
Body: KINDLY OPEN THE ATTACHED FILE
Attachment: 2012 London Olympics Lottery Draws Notice.doc
Scammer email to send data: internetaward166@gmail.com

--

Received: from [173.245.64.182] by web180804.mail.gq1.yahoo.com via HTTP
From: London Olympics 2012 [bolympics111@gmail.com]
Reply-To: London Olympics 2012 [lon2012.0lympics@london.com]
Subject: Read the Attached Letter
Body: Read the Attached Letter
Attachment: LONDON OLYMPICS LOTTERY.pdf
Scammer email to send data: lon2012.0lympics@london.com

--

Received: from [209.73.132.40] by web5717.biz.mail.ne1.yahoo.com via HTTP
From: LONDON 2012 OLYMPICS LOTTERY [smithed2012@gmail.com]
Reply-To: 2012lonolympicsgames@london.com
Subject: Congratulation
Body: INTERNATIONAL PROMOTIONS LONDON 2012 OLYMPICS LOTTERY
Attachment: LONDON 2012 OLYMPICS 1-1.doc
Scammer email to send data: 2012lonolympicsgames@london.com

--

Received: from smtpout.telepacific.net ([208.57.218.234])
From: "Very.co.uk"[account@very.co.uk]
Subject: Account Bonus for Olympics 2012
Body: Dear Customer, Here is a notification that your account is due to be credited. Click on My Account below to accept this offer and also get a discount for the Olympics 2012.
Link: hxxp://contabilidadpymes.cl/images/login/en/index.html
This is a phishing page for very.co.uk online shopping site.

Very.co.uk phish page using Olympics as a driver

--

Received: from [67.195.23.211] by web184804.mail.gq1.yahoo.com via HTTP
From: LONDON OLYMPICS 2012 INTERNET LOTTERY ANNIVERSARY [i.olympic2012@london.com]
Reply-To: LONDON OLYMPICS 2012 INTERNET LOTTERY ANNIVERSARY [revgraigjon01@gmail.com]
Subject: You have won from London Olympic 2012
Body: Open the attachment
Attachment: LONDON OLYMPICS 2012.doc
Scammer emails: revgraigjon01@gmail.com, unclaimrevgraig@consultant.com

--

Received: from User ([217.16.182.244]) by redwood-mtg.com
From: "Mrs. Linda Joseph"[webinfo66@yahoo.com]
Subject: London 2012 Olympics Lottery Winner
Return-Path: webinfo66@yahoo.com
Body: basic scam email asking for victim banking info to be returned in order to claim winnings (summarized due to length)
Scammer email: webinfo66@yahoo.it

--

In addition to these, I’ve seen reports of scams using image files (e.g., JPGs) to by-pass content inspection checks (a common practice among scammers/spammers) containing the same sort of instructions for victims to send their banking information in order to claim their winnings.

In addition to scams, we have seen everything from gambling sites, online shops, TV/streaming services, news / social media sites, and even a florist sending email promotions using the Olympics as a marketing driver.

I will make updates to this post with anything new that I see over email throughout the Olympics, additionally I will make a separate post on the web angle.

Learn more about Zscaler.