Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

"Know when to walk away, know when to run." An Update on the Ladbrokes Phishing Scam

Created: 31 May 2006 07:00:00 GMT • Updated: 23 Jan 2014 18:59:24 GMT
Stephen Doherty's picture
0 0 Votes
Login to vote

n regards to my previous blog about the social engineering attack that occurred recently on Ladbrokespoker.com, it seems as though the problem with rogue phishing messages is still causing havoc with some online poker rooms. The following fake message was sent to Ladbrokespoker.com users from May 16th to May 17th (Monday night to Tuesday afternoon):

“ATTENTION PLAYERS: THE FIRST 10 PLAYERS WHO WILL VISIT THE SITE (http://www.ladbrokes-winners.com/) THEY WILL BE AWARDED WITH THE AMAZING PRICE OF $10,000. HURRY!!!!”

Ladbrokespoker.com are currently promoting their upcoming 500 millionth poker hand, and are offering over $60,000 in cash prizes. The timing of these unofficial message boxes will certainly influence the scam's overall success rate, as users could be coaxed into believing the rogue messages are an official Ladbrokes promotion. Yet again, this is an unofficial message advertising a fake Web site that is posing as an official Ladbrokes site. Unsurprisingly, when I received the message box it claimed that I was one of the lucky ones because I was the eighth visitor to the page, even though the Web site had received over 1,000 visitors. (Figure 1)

Ladbrokes%20-%20Congratulations%20visitor.JPG
Figure 1

The scam is fuelled by the false pretense that the Web site will "reward" unsuspecting users with $10,000 in exchange for their credit card details; however, the credit card details are simply forwarded to a remote server. (During the scam on Monday, the server address was: [http://]06cd06.net[REMOVED].com/claim_your_winnings.php, and during the scam on Tuesday the server address was:[http://]006cd06.net[REMOVED].com/claim_your_winnings.php) In an effort to convince users taken in by the scam that a transaction had actually taken place, a Web page was displayed that indicated $10,000 would reach their accounts within three to five working days. (Figure 2)

Ladbrokes%20-%20Withdraw%20Transaction%20Complete.JPG
Figure 2

Unfortunately, some unlucky users may have submitted their details before realizing that this was a phishing Web site. One of the biggest concerns about this scam is the number of victims that have been duped so far. The phishing site has recorded 1,093 unique visits to the page, a further 831 users clicked through to the "Submit Details" page, and 70 of those made it to the "Transaction complete" page at the time of this writing.