Phony ICC Promotion Award

Nothing can be more enticing than to be chosen for some free goodies—be it mementos, a cash prize, or a ticket to watch a game. It gets even more interesting if you are from a cricket crazy continent and suddenly, out of the blue, you receive an email saying that you are “the chosen one”!

What would you do? At first thought you would pounce on the opportunity, like a jungle tiger does its prey. But hang on a second! What you might be thinking is an opportunity of a lifetime, sadly, is just the opposite. Let me put it bluntly: if you have received such an email, you are "the chosen prey”. And if you decide to reply to it, then you could be in for some big trouble!

Millions of people get scammed every day with such fantastic offers. The sad part of the story is that many get plundered in this game. Scammers put in a lot of planning before sending out such emails. Upcoming events are focused upon, strategies are formalized, and emails are drafted—all keeping in mind the target audience.

Last year, we reported a fake ticket scam for the 2011 ICC Cricket World Cup held in India. This year, scammers have revisited the continent with Sri Lanka in mind (the place where the destiny of cricketing nations will be decided). You guessed it right—it is the 2012 ICC World Twenty20 tournament to be held in September 2012. We certainly feel this will not be the last spam campaign to be seen for this tournament.

Let’s analyze one email scam sample. From the email headers, we find this message does not originate from the ICC in any way:

The contents of the email are actually found in the PDF attachment:

The content inside the PDF attachment has all the characteristics of an email scam. It announces the email account of the recipient has been chosen randomly and has won a prize of 75,000 Euro. (Without user participation in any lottery! Surprising isn’t it?). This award is called the “International Cricket Council (ICC) Promotion New Year Award 2012”, which is obviously imaginary. There is also a form to be filled with details like name, date of birth, address, and banking-related information. Amusingly, this mail also includes a logo which claims this payment is considered risk free by all financial service providers. Along with the risk free tag, a barcode is added towards the end of the document to make it look genuine. In addition, they have added the event logo of the tournament, inviting users to register for official travel packages to Sri Lanka.

Users should not believe and communicate with senders of these types of email notifications. This warning also applies to similar SMS texts sent to mobile phone users. Do not trust such emails without verifying the sender. Such messages are never “risk free”.

See the Symantec Intelligence Report for best practices for consumers.