
London Olympics Email Scams (updates)


By: ThreatLabz


In light of the popularity of the Olympics, and knowing that scammers will come out of the woodwork to take advantage of the event, we're continually monitoring for Olympic scams and maliciousness, no matter how unsophisticated. And so far, unsophisticated has been exactly what we have been seeing.

Here is an example of the standard sort of Olympics "lottery" pitch that we are seeing from the scammers over email:

Scam attachment


Below are a few updates for what we are currently seeing today:


Received: from [216.172.135.113] by web5710.biz.mail.ne1.yahoo.com via HTTP
From: Lottery Draws Notice [[email protected]]
Reply-To: [email protected]
Subject: View The E-Mail Attachment And Contact Your Claim Agent
Body: KINDLY OPEN THE ATTACHED FILE
Attachment: 2012 London Olympics Lottery Draws Notice.doc
Scammer email to send data: [email protected]

--

Received: from [173.245.64.182] by web180804.mail.gq1.yahoo.com via HTTP
From: London Olympics 2012 [[email protected]]
Reply-To: London Olympics 2012 [[email protected]]
Subject: Read the Attached Letter
Body: Read the Attached Letter
Attachment: LONDON OLYMPICS LOTTERY.pdf
Scammer email to send data: [email protected]

--

Received: from [209.73.132.40] by web5717.biz.mail.ne1.yahoo.com via HTTP
From: LONDON 2012 OLYMPICS LOTTERY [[email protected]]
Reply-To: [email protected]
Subject: Congratulation
Body: INTERNATIONAL PROMOTIONS LONDON 2012 OLYMPICS LOTTERY
Attachment: LONDON 2012 OLYMPICS 1-1.doc
Scammer email to send data: [email protected]

--

Received: from smtpout.telepacific.net ([208.57.218.234])
From: "Very.co.uk"[[email protected]]
Subject: Account Bonus for Olympics 2012
Body: Dear Customer, Here is a notification that your account is due to be credited. Click on My Account below to accept this offer and also get a discount for the Olympics 2012.
Link: hxxp://contabilidadpymes.cl/images/login/en/index.html
This is a phishing page for the very.co.uk online shopping site.

Very.co.uk phish page using Olympics as a driver

--

Received: from [67.195.23.211] by web184804.mail.gq1.yahoo.com via HTTP
From: LONDON OLYMPICS 2012 INTERNET LOTTERY ANNIVERSARY [[email protected]]
Reply-To: LONDON OLYMPICS 2012 INTERNET LOTTERY ANNIVERSARY [[email protected]]
Subject: You have won from London Olympic 2012
Body: Open the attachment
Attachment: LONDON OLYMPICS 2012.doc
Scammer emails: [email protected], [email protected]

--

Received: from User ([217.16.182.244]) by redwood-mtg.com
From: "Mrs. Linda Joseph"[[email protected]]
Subject: London 2012 Olympics Lottery Winner
Return-Path: [email protected]
Body: basic scam email asking for victim banking info to be returned in order to claim winnings (summarized due to length)
Scammer email: [email protected]

--

In addition to these, I’ve seen reports of scams using image files (e.g., JPGs) to bypass content inspection checks (a common practice among scammers/spammers) containing the same sort of instructions for victims to send their banking information in order to claim their winnings.
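The traits shared by the samples above (Olympics plus prize wording, a short body that only points at a .doc or .pdf attachment, submission through webmail, and the image-only variant that text inspection cannot read) can be combined into a simple triage score. The Python below is an added example, not ThreatLabz code; the weights, the 12-word body limit, the helper names and the sample messages (placeholder sender, IP and attachment bytes) are constructed assumptions.

```python
import re
from email.message import EmailMessage

# Traits come from the samples on this page; weights and the 12-word limit are assumptions.
LURE = re.compile(r"olympic", re.I)
PRIZE = re.compile(r"lotter|winner|\bwon\b|claim|congratulation", re.I)
POINTER = re.compile(r"\b(open|read|view)\b.*\b(attach\w*|letter|file)\b", re.I | re.S)
DOC_TYPES = {"application/msword", "application/pdf"}

def score(msg: EmailMessage):
    """Return (score, reasons) for a message parsed with email.policy.default."""
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    atts = list(msg.iter_attachments())
    names = " ".join(a.get_filename() or "" for a in atts)
    subject = msg.get("Subject", "")
    text = f"{subject} {body} {names}"
    short = len(body.split()) <= 12          # body carries no real content of its own
    hits = []
    if LURE.search(text) and PRIZE.search(text):
        hits.append((2, "Olympics theme plus prize wording"))
    if short and any(a.get_content_type() in DOC_TYPES for a in atts) \
            and POINTER.search(f"{subject} {body}"):
        hits.append((2, "short body that only points at a document attachment"))
    if short and any(a.get_content_maintype() == "image" for a in atts):
        hits.append((2, "pitch may be inside an image: send to OCR or manual review"))
    if any("via HTTP" in r for r in msg.get_all("Received", [])):
        hits.append((1, "submitted through a webmail front end"))
    return sum(w for w, _ in hits), [why for _, why in hits]

def sample(subject, body, fname, maintype, subtype, received):
    """Build a constructed test message (hypothetical helper, placeholder values)."""
    m = EmailMessage()
    m["Received"] = received
    m["From"] = "sender@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype=maintype, subtype=subtype, filename=fname)
    return m

# Constructed samples shaped like the records above, plus one benign control.
WEBMAIL = "from [192.0.2.10] by webmail.example.com via HTTP"
SCAM_PDF = sample("Read the Attached Letter", "Read the Attached Letter",
                  "LONDON OLYMPICS LOTTERY.pdf", "application", "pdf", WEBMAIL)
SCAM_JPG = sample("Congratulation", "Please see the picture",
                  "olympics-lottery.jpg", "image", "jpeg", WEBMAIL)
BENIGN = sample("Q3 report", "Hi team, the quarterly numbers are attached. Let me know "
                "if the totals on page two look off to you.", "q3-report.pdf",
                "application", "pdf", "from mail.example.com by mx.example.com with ESMTP")
```

The image rule does not try to read the picture; it only flags messages whose visible text is too thin to judge, so they can be routed to OCR or an analyst.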

In addition to scams, we have seen everything from gambling sites, online shops, TV/streaming services, news / social media sites, and even a florist sending email promotions using the Olympics as a marketing driver.

I will make updates to this post with anything new that I see over email throughout the Olympics. Additionally, I will make a separate post on the web angle.

