Spammers Playing in Wimbledon Court

The 127th edition of the Wimbledon Championships, and third Grand Slam event of the year, are coming to an end with the final being played July 7. When it comes to major sporting events we can expect large amount of gambling, and spammers take advantage by sending online betting and casino email spam. We have observed the following spam campaign targeting the Wimbledon Championship with a fake betting offer.
 

image1_3.jpeg

Figure. Wimbledon Championship spam
 

Interestingly, in order to trick users the spammers are actually using Antispam Laws to make their spam look legitimate (which we recently blogged about in Whitewashed Spam – How Antispam Laws Are Helping Spammers). These spammers are tempting users with the fake offers like “Get started with $5 free and $500 as welcome package”. Also the spam messages contain hexadecimal-obfuscated URLs which is a technique spammers use to avoid anti-spam filters. Users should be aware of any fake betting offers.

We observed the following spoofed email header targeting the 2013 Wimbledon Championship:

Subject: Tennis action with 77 spins on Centre Court
From: All xxx Casino <REMOVED.com>

Symantec advises everyone to be cautious with unsolicited or unexpected emails related to the 2013 Wimbledon Championship and to be cautious of fake betting offers. We continue to monitor spam attacks around the clock to ensure that readers are kept up to date with the latest information on potential threats.

HSBC phishers disguise attacks as Wimbledon tickets prize

With summer rapidly approaching (we hope..) in the UK, many people’s thoughts are turning to strawberries, cream and action on the grass courts of SW19.

Yes, it’s almost time for the Wimbledon tennis tournament!

Here’s an email that we’ve seen spammed out to computer users, pretending to come from banking giant HSBC.

Wimbledon HSBC phishing email

The messages have a subject line of “Claim your ticket at Wimbledon” and have a file attached called prize-form.html.

Opening the file to unclock your prize, however, is not such a good idea as it contains a form which asks for all sorts of personal information about your bank account – including your date of birth, memorable names, card security code and so forth.

Phishing form

The scam earns some extra credibility because HSBC is a genuine sponsor of the Wimbledon tennis tournament, and there was indeed a competition held by the bank to meet Tim Henman.

Winners, however, were notified on 10 May 2011 according to HSBC’s website – which is more evidence, if you needed it, that this email is a phishing scam designed to steal your credentials.

Don’t allow the thought of free tennis tickets trick you into making bad security decisions. Always be suspicious of unsolicited emails from your online bank – especially if they ask for information like this.