CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
August 5th, 2008

Beijing Olympics Lottery Phishers Verify Their Victims

Websense has recently discovered another rogue Beijing Olympics website, this time for fake ticket lottery.

The Web site uses the hostname that is a clear typo-squat to the official Olympic Games Web site at beijing2008.cn. Benefiting from the hype around the purchasing of tickets for the Games, the social engineering tactic behind this scam is to lure users into dialing a toll number to retrieve an access code for an available ticket. The toll number is likely an additional revenue generator for the scammers as callers would then be charged a premium rate for making that phone call.

Users who input the supplied access code are forwarded to a further Web page designed to collect personal information. They then have the incentive to enter credit card details, to pay a relatively small sum of RMB600 for the ticket (approximately 87 USD).

This phishing Web site goes a step further than most phishing sites by employing a phone-call “verification” step. This higher level of interactivity and supposed verification garners more trust from unsuspecting users.

Share this item with others:

More on CyberInsecure:
  • Phishing Websites Sell Fake Olympics Tickets
  • Camelot Denies SQL Injection Vulnerability On UK National Lottery Website National-Lottery.Co.Uk
  • Phishers Celebrate PayPal’s 10th Year Anniversary
  • New Malware Spam Reporting Bogus Beijing Earthquake Targets Olympic Games Fans
  • UEFA Lottery Scam Targets UK Football Fans

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Beijing Olympics Lottery Phishers Verify Their Victims

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.