Symantec has kept its eye on the ball and reported on malicious 419-spam campaigns associated with major global sporting events, from the Beijing Olympic Games 2008 to the upcoming FIFA World Cup 2010.
When international sporting events of such scale are happening, the Internet becomes a perfect avenue for cybercriminals to lay their traps and lure sports enthusiasts into their devious game plans. Typically, nefarious online activities related to major sporting events begin as early as a year before the actual event takes place.
After an initial burst of activity, spammers go quiet for a while, only to raise their antennae a couple of months before the actual event. This changes if something unusual or sensational happens in the interim. To cash in on such instances, spammers send out video spam. These email messages can be used for malicious attacks, as the video link actually points to a fake update.
Spam campaigns are common when there is a lot of hype surrounding an event, and the FIFA World Cup 2010 is a perfect example of that. In our blog last week, we provided stats and outlined different types of attacks that have abused the world’s popular sports.
Even as the FIFA fever fades, spammers will always have upcoming sporting events to exploit. Symantec has already started seeing spam samples for the Commonwealth Games 2010 Delhi, to be held from October 3 to 14, 2010.
Here we see a typical lottery scam which is using the Commonwealth Games as bait to cheat recipients. We are seeing a similar example for the London 2012 Olympics, where spamming has already begun with a lottery scam. However, 2010 is too early to start spamming for 2012, even by spammers’ standards!
We are observing attacks taking place on all possible mediums on the Internet, especially on popular social networking sites; therefore users need to be extra careful before they click on a link.
Symantec will continue to monitor these attacks and keep users well-informed. Users are advised to not to click URLs from unsolicited emails. We recommended avoiding communication using phone numbers or email addresses provided in scam emails.