Phishing Attack Offering Fake Premier League Tickets

After executing a variety of notorious activities targeting the FIFA World Cup, spammers have shifted their focus slightly to target another popular soccer/football topic. Symantec has observed a spam campaign targeting the Barclay’s Premier League, which is an English professional soccer league. The season opens on August 14, 2010, and the league’s last match will be played on May 22, 2011.

The spam message claims that the user has won a pair of tickets for the 2010/11 Barclay’s Premier League in a draw that gives away tickets every 90 minutes until the end of the season. In order to claim the tickets, the user needs to click on a link provided in the message. The link redirects users to a phishing site that asks for banking details. Below is an example of this particular attack:

In recent years we have observed that spammers are promoting bogus raffles that target major events such as this. In this example, by hosting fraudulent websites, a vast market of football enthusiasts is targeted. Although these tickets are in high demand, the supply should always be from a legitimate source and no hope should be placed in these dubious raffles that only have one winner (and, it’s never you).

To minimize online risk, Symantec recommends the following:
 
1.   Be suspicious of email that requests that you enter your account username and password.
2.   Do not click on the link provided in the email and type the bank website’s address into your Web browser manually.
3.   Use the latest messaging security solutions from Symantec that fight unique spam and phishing attacks like the ones mentioned above.

------------------------------

Note: Thanks to Kedar Pathak for contributed content.