Victims receive messages informing of bogus lottery win

Jun 23, 2015 13:08 GMT

A website impersonating the official Mega Millions lottery site has resisted takedown despite alerts published by the game's organizers and warnings from users who received messages directing them to the scam page.

Registered anonymously, the site has been set up to collect personal information from victims, ranging from address, occupation, date of birth and gender to phone number, email credentials, the Facebook password and answers to common security questions.

Fake website should be easy to spot

The operation works by sending messages to users, pointing them to megamillionsclaim[dot]tk, where they can allegedly claim a large prize in the Mega Millions game.

The website looks suspicious from the moment it loads, showing distorted images of past winners. A peek at the “about” section should make the scam obvious, as the text is riddled with grammar mistakes. The site's owners also claim that the game is organized in collaboration with “Facebook Promotion.”

In the alert from the real Mega Millions website, the organizers say that “crooks usually try to get the person to wire money for ‘taxes’ or ‘fees’. They may also try to get the victim to provide them with a bank account number, which they will then clean out. Another trick is to send the winner a bogus ‘check’ and ask the winner to send money back to cover expenses.”

Huge win message can lead to huge losses

However, the amount of information collected from a victim can lead to much greater damage. Facebook and email accounts are among the most coveted assets for cybercriminals, since they allow contacting the victim's friends and peering into their personal life.

Using fake lottery winnings as a lure is an effective way to capture a victim's attention, but a good way to protect against this type of scam is to check the game's official website for the names of the winners.

Entering credentials anywhere other than the login form of the service they grant access to is never a good idea, and the same goes for replying with personal information over email, especially to unverified parties.
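The lure described above combines several tell-tale signs: a lottery brand name, a link to a throwaway free domain, a deadline to "claim" the prize, and a request for passwords or personal details. As an added example (not code from the article or from Mega Millions), the following Python script scores an incoming message against those indicators so a mail filter or help desk can flag it before anyone fills in the form. The sample messages are constructed for this example; `FREE_TLDS` beyond `.tk`, the `OFFICIAL_HOSTS` set, the rule weights and the threshold are assumptions chosen for illustration, not values from the article.

```python
"""Heuristic scoring of lottery-scam lure messages (added example, not from the article)."""
import re
from urllib.parse import urlparse

# The article's scam site used a free .tk domain; the other TLDs listed here are an
# assumption based on other free registries, not something the article states.
FREE_TLDS = {"tk", "ml", "ga", "cf", "gq"}

# Hosts of the real lottery site. "megamillions.com" is assumed here, not taken from the article.
OFFICIAL_HOSTS = {"megamillions.com", "www.megamillions.com"}

URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)

# (indicator name, weight, pattern). Weights are arbitrary and only meant to rank indicators.
TEXT_RULES = [
    ("lottery_lure", 2, re.compile(r"\b(lottery|jackpot|mega millions|winning|winner|prize)\b", re.I)),
    ("claim_urgency", 1, re.compile(r"\b(claim (?:your|the)|within \d+ (?:hours|days)|immediately|act now)\b", re.I)),
    ("credential_request", 3, re.compile(r"\b(password|security question|login details|email credentials)\b", re.I)),
    ("pii_request", 2, re.compile(r"\b(date of birth|bank account|occupation|phone number)\b", re.I)),
    ("advance_fee", 3, re.compile(r"\b(processing fee|taxes?|wire|western union|moneygram)\b", re.I)),
]


def extract_urls(text):
    """Return every http(s):// or www. link found in the message body."""
    return URL_RE.findall(text)


def host_of(url):
    """Lower-cased hostname of a URL; bare www. links get a scheme so urlparse accepts them."""
    if not re.match(r"https?://", url, re.I):
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def score_message(text, official_hosts=OFFICIAL_HOSTS):
    """Score a message: each indicator counts once, links add free-TLD and brand-mismatch checks."""
    hits = {}
    for name, weight, pattern in TEXT_RULES:
        if pattern.search(text):
            hits[name] = weight
    urls = extract_urls(text)
    for url in urls:
        host = host_of(url)
        tld = host.rsplit(".", 1)[-1] if "." in host else ""
        if tld in FREE_TLDS:
            hits["free_tld_link"] = 3
        # The brand is named in the text, but the link does not go to the brand's own site.
        if "mega millions" in text.lower() and host not in official_hosts:
            hits["brand_mismatch_link"] = 3
    return {"score": sum(hits.values()), "indicators": sorted(hits), "urls": urls}


def is_suspicious(text, threshold=6):
    """Assumed threshold: a genuine results notice scores low, a lure stacks several indicators."""
    return score_message(text)["score"] >= threshold


# Constructed sample messages for this example (the .tk link is invented, not the article's domain).
SCAM_MESSAGE = (
    "Congratulations! You are the winner of $2,500,000 in the Mega Millions lottery run "
    "with Facebook Promotion. Claim your prize within 48 hours at "
    "http://lottery-claim-example.tk/claim and confirm your email password and date of birth."
)
LEGIT_MESSAGE = (
    "Mega Millions drawing results for Tuesday are posted at "
    "https://www.megamillions.com/winning-numbers"
)

if __name__ == "__main__":
    for label, msg in (("scam", SCAM_MESSAGE), ("legit", LEGIT_MESSAGE)):
        result = score_message(msg)
        print(f"{label}: score={result['score']} suspicious={is_suspicious(msg)} "
              f"indicators={result['indicators']}")
```

The genuine results notice trips only the `lottery_lure` rule, because the brand name alone is expected in legitimate mail; the lure stacks the free-TLD link, the brand/link mismatch, the deadline and the credential request on top of it. In practice the weights should be tuned against real mail volume, and the score is a triage signal for a human or a sandbox, not a verdict on its own.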