The Olympic Scams Medal Winners

Sometimes cyber crooks can achieve impressive feats of evil. They can create masterful illusions that dupe people out of their money, whether that’s through phishing sites like Olympic scams pretending to be ticket services or with some clever social engineering tricks.

With the Olympics opening ceremony taking place this evening, TechWeekEurope thought it would be a good idea to award the most convincing Olympic-themed scams in the traditional style. It’s less a promotion of cyber crooks’ technical proficiency, however, than a way of highlighting the kinds of threat that will cause the most economic harm to Web denizens during the Games.

Bronze

Taking a different angle on the Olympic Scams theme, cyber criminals have taken to creating fake mobile games to infect users. Over in Russia, crooks have created some convincing ads for an official London 2012 mobile game, on what appear to be legitimate stores.

They aren’t of course, the scammers didn’t even bother to provide a game for the users to mess around with whilst their phones sent SMS messages to premium rate numbers, GFI found. That’s just plain mean.

Silver

With so many people desperate to get their mitts on Olympics tickets, it’s no surprise that scammers have set up sites claiming to sell them. Many fake sites look comically amateur, as if a four-year-old had been let loose on Adobe Dreamweaver, but one was spotted this week that looked like it could have duped a few naive souls.

Trend Micro even seemed impressed by liveolympictickets(dot)com, noting it had the same aesthetic quality as the official Olympics site, with some of those lovely pink and blue hues. Although the weird official graphic that looks like a robot humping a tree was nowhere in sight…

The fiendish crooks didn’t just create a few webpages to trick the most moronic of web users, they made a site that takes people through what appears to be a typical transaction process, even up to the final stage where victims are told their order is pending. They even took to Facebook advertise their nasty work.

With a little bit of investigation work, Trend discovered it was just a phishing site. But it just goes to show how cyber criminals aren’t jokers. As web users get more aware, the crooks get craftier.

Gold

The most impressive attempt at using the Olympics as bait for an attack was spotted by F-Secure in May. TechWeekEurope hasn’t seen many direct attempts to get malware onto people’s machines by luring suckers in with Olympics goodies, so this one gets the top prize.

This attack saw emails sent out offering a download of the official Olympics schedule. The best/worst bit of this scam was that the PDF did show the official schedule. But in the background it was dropping executables that exploited holes in old versions of Adobe Reader and Acrobat. The exploits then attempted to make a connection with a site registered in China, presumably to drop malware onto the target’s system.

This was as clean and simple as a Tom Daley dive into the Olympic pool. Nice work, you nasty scammers. And watch out you good sports lovers…

Think you’re an IT Olympian? Try our sporty quiz!