The Summer Olympics in London have kicked off and cyber criminals, spammers and data thieves are wasting no time, capitalizing on Olympic related scams. Currently, the volume of websites selling bogus Olympic tickets are on the rise. These sites normally propagate their campaings though unsolicited ad banners, popups, social networking sites and email messages. Let us examine one such site in detail.
This bogus site is liveolympictickets(dot)net,
which also has a Facebook page as shown below:
The website claims to sell official tickets for the London Olympics. As you can see from the screen shots below, they have tried to retain the same
aesthetics as the official London 2012 site: [http://www.london2012.com/
]. This bogus site allows you to add items to your shopping cart, checkout and pay using a credit card. It works just like any other normal ecommerce website.
The site also has external links which redirect to other websites that have the same kind of bogus tickets offers. Some of these sites include pay-per-click scams.
Let us try to examine what is happening in the background. When you type in your personal details such as email, address, phone no. etc., they get sent via plain text (no encryption). The same applies when credit card details are sent, exposing them on the network.
These websites do not have adequate security mechanisms in place, visiting and entering private information could lead to information leakage/theft. This website is just a needle in the haystack. There are numerous such sites which try to market fake promotions/live streaming/tickets.
Stay away from these websites. The official London Olympics site maintains a list of websites which are known to sell fake tickets, check them before buying any tickets: [http://www.london2012.com/spectators/tickets/ticket-checker/
If you are concerned about the legitimacy of a website, Zulu, Zscaler's cloud based URL risk analyzer can be used to check for malicous/spam/phishing sites etc. Visit [http://zulu.zscaler.com
] for more Information.