Fake ticket scams for the 2016 Rio Games were always on the cards. Whenever a big event takes place, the hackers and scammers take part, too. Kaspersky Lab identified the first wave of Olympic spam in the early part of 2015. These appeared in English, with some Portuguese and are thought to be the work of organized fraudsters targeting the ticket market.
The most recent spam wave is phishing e-mails purporting to come from the International Olympic Commitee and the Brazilian Government, stating that the user’s e-mail address has been randomly chosen from a long list entered into a prize draw. To claim their prize, the lucky user must disclose some personal details.
The fraudsters behind the ticket scams are setting up fake web pages. Kaspersky Lab are constantly detecting and blocking these counterfeit domains. The researchers at the Lab comment that the pages are very well designed. The criminals buy cheap, simple SLL certificates to provide a secure web-server – browser connection. The certification also gives a ‘https’ prefix to the address which is often enough to convince the user that the page is genuine. Andrey Kostin of Kaspersky explains the elaborate organization behind the fraud, “According to our research, the creation of fake sites usually involves well organized, fraudulent, international gangs. They split tasks, so that each small group is responsible for a separate part of the work. For example, one group creates websites, the other registers domains, another collects and sells the victims’ personal information, etc“.
The phishing sites are probably selling on the information, and on the fake ticket ‘sites, the customer is told to expect their tickets to arrive two or three weeks before the event. The idea behind this is to give the scammers much more operating time before being discovered – or so they thought. Though if victims have made a fake ticket purchase, the thieves have all the credentials needed to empty the victim’s account at any time.
To stay safe with Olympic-related purchases, only official sites should be used and these should be double-checked for veracity. Another tip is to create a second account for all on-line purchases (without any credit facilities) and only keep small amounts in this. Kostin summarizes: “In order to avoid falling victim to these fraudsters, sports fans should be savvy when they buy tickets. They should only trust authorized resellers, no matter how attractive the low prices from other resources can be“.
