London Olympics-Themed Spam: Prize Notifications, Awards and Visa Lotteries
Researchers may be right when they say that scams are poorly written on purpose
As the London 2012 Olympics approach the numbers of spam messages and malicious operations launched by cybercriminals grow. Experts have come across at least three new scam versions that currently make the rounds.The first one is a classic. It reads, “your name and email was randomly picked by Visa/Master Card Card Europe Inc in our London 2012 Olympics promo. Please contact the coordinator for more details.”
Once the victim contacts the “coordinator,” he/she receives detailed instructions on how to collect the prize. The steps include providing personal information and even making payments supposedly needed to complete the prize money transfer.
Another variant is somewhat cleverer. It’s an empty message that comes with an attachment called “2012 OLYPIC AWARD WINNIG NOTIFICATION.docx.”
While it may seem that the file is nothing more than a harmless document, in reality, it’s a Trojan (TROJ_ARTIEF.ZIGS) that’s designed to drop a backdoor onto the target machine. This backdoor enables cybercriminals to steal sensitive information and download other threats.
Finally, we have an email entitled “Your email address has won the 2012 Olympic Award.” It informs the recipient that his/her email address “was randomly picked through an electronic ballot system without the candidates applying.”
Besides the one “1,000,000 00 GBP” the lucky winner also gets to be a special guest at the opening ceremony of the “London 2012 Olympics Games.”
In return for the fabulous prizes, the user must send back information such as name, address, gender, phone number, occupation and country.
“Attackers are still using these because these scams are still giving them successful margins. Social engineering has worked for years and there are little signs of that changing,” Trend Micro Senior Threat Researcher Robert McArdle explained.
If we take a look at these schemes, we could easily say that they’re not hard to identify as being malicious. On the other hand, the results of a study released a few days ago by Microsoft researchers also makes a whole lot of sense.
They found that scammers rely on poorly written and poorly conceived plots on purpose because this way they can filter out all the false positives - individuals who know that these are scams - and remain with the true positives, or those who are gullible and more likely to get fooled.