Fraudulent Typosquatters Lie in Wait for London Olympics Searchers
By: Robert Lemos
As the Olympics go into Week Two in London, security experts are warning consumers seeking news on the events to beware of fraudsters that are attempting to sell anything from free access to Olympic TV coverage to venue tickets.
On Aug. 3, Web security firm Zscaler reported that nearly 80 percent of the domains visited by its customers and containing the term "olympics" hosted fraudulent content or ads targeted at visitors who mistyped domain names, an activity known as typosquatting. Most of the fraud aims to capture visitors who mistyped NBC's official site of Olympic coverage in the United States, for example, adding a 'c' (cnbcolympics.com) or dropping an 's' (nbcolympic.com).
Instead of the main news site, visitors will find themselves on sites hosting ads, charging for fraudulent TV-on-PC services, or attempting to install adware or spyware, said Julien Sobrier, senior researcher with Zscaler.
"Every time there is a big event or a natural catastrophe or a celebrity doing something notable, all the scammers, they all take their existing scam and create a new variation," he said.
In a single day, Zscaler's customers browsed about 100 Websites with the term "olympics" in the domain name. More than 80 of the sites were not legitimate and one-third of those sites counted on typos to redirect users to the scammer's domain.
Zscaler is not the first company to warn of Olympic-related scams. Many other firms have warned about the Olympics as a central topic for scams. Security firm McAfee, a subsidiary of technology giant Intel, has detected online scams involving ticket sales, fake Olympic-themed lotteries and other spam, the company stated. A number of British agencies have warned of scams and advised the people attending the Olympics to take their digital security more seriously. Jonathan Evans, chief of the United Kingdom's MI5 security service, reportedly told businesses to beware of attacks from nation-states, as well as from cyber-criminals.
Tracking down the fraudsters responsible for typosquatting is not simple, because the lion's share of the domains are registered privately, said Zscaler's Sobrier. Yet, most of the sites promoting the scams appear to be affiliates, not the actual fraudsters responsible for the scams, he said. Affiliates are mid-level fraudsters who get paid for every visitor that is redirected to an advertiser's site. While legitimate businesses-such as Amazon-use affiliate arrangements to drive traffic to their sites, they enforce ethical practices on their partners.
Scammers accept any scheme that could result in sales. Counterfeit pharmaceutical sites, for example, continue to widely use affiliates to sell their wares. In the latest Olympic-themed schemes, it's likely that the people behind the advertisements for TV-on-PC services are affiliates, said Sobrier. Among the domains that are advertising TV-on-PC services are londonolympic2012tv.com, olympics2012onipad.com, watchsummerolympics.com and londonolympic.info. The fraud is quite basic, but can still be lucrative for the scammers, Sobrier said.
"It is mostly the same scams, old spams and old techniques," he said. "There is no reason for them to try something new."