Phishing the Beijing Olympics Lottery
Threat Type: Phishing Alert
Websense® Security Labs™ ThreatSeeker™ network has discovered a rogue Beijing Olympics ticket lottery Web site.
The Web site uses the hostname beij***2008.cn, a clear typo-squat to the official Olympic Games Web site at http://www.beijing2008.cn/. Benefiting from the hype around the purchasing of tickets for the Games, the social engineering tactic behind this scam is to lure users into dialling a toll number to retrieve an access code for an available ticket. The toll number is likely an additional revenue generator for the scammers as callers would then be charged a premium rate for making that phone call.
Users who input the supplied access code are forwarded to a further Web page designed to collect personal information. They then have the incentive to enter credit card details, to pay a relatively small sum of RMB600 for the ticket (approximately 87 USD).
This phishing Web site goes a step further than most phishing sites by employing a phone-call "verification" step. This higher level of interactivity and supposed verification garners more trust from unsuspecting users.
A screenshot of the scam Web site:
A screenshot of the page used to collect personal information:
Websense Messaging and Websense Web Security customers are protected against this attack.