Security Labs


  digg   |   |     reddit
  newsvine   |     furl   |     technorati

Phishing the Beijing Olympics Lottery


Threat Type: Phishing Alert

Websense® Security Labs™ ThreatSeeker™ network has discovered a rogue Beijing Olympics ticket lottery Web site.

The Web site uses the hostname beij***, a clear typo-squat to the official Olympic Games Web site at Benefiting from the hype around the purchasing of tickets for the Games, the social engineering tactic behind this scam is to lure users into dialling a toll number to retrieve an access code for an available ticket. The toll number is likely an additional revenue generator for the scammers as callers would then be charged a premium rate for making that phone call.

Users who input the supplied access code are forwarded to a further Web page designed to collect personal information. They then have the incentive to enter credit card details, to pay a relatively small sum of RMB600 for the ticket (approximately 87 USD).

This phishing Web site goes a step further than most phishing sites by employing a phone-call "verification" step. This higher level of interactivity and supposed verification garners more trust from unsuspecting users.

A screenshot of the scam Web site:

A screenshot of the page used to collect personal information:

Websense Messaging and Websense Web Security customers are protected against this attack.