Superbowl XLIX Hype Deflated by Spam
The Superbowl has always been one of the most anticipated sports events of the year. It’s even safe to say that the event goes beyond the actual sport—witness the numerous high-profile Superbowl TV commercials, events, and promos that are often tied to the event. The Superbowl is an annual spectacle that everyone wants to be a part of—even scammers and cybercriminals.
We encountered several spammed messages that use the upcoming Superbowl XLIX as bait. These emails talk about selling tickets to the game—highly desirable items, given that the event is just a few days away. The message contains a link stating “Check Ticket Availability.” The link leads to a page with an image stating that the post is no longer available.
However, a small link can be seen below that image. When clicked, it leads to another page that contains information about a certain business organization based in Panama. Perhaps it’s of little surprise that our analysis revealed that the sender of these emails is the same business indicated in the web page.
Below is a copy of the spammed message that claims to sell tickets to the Patriots versus Seahawks game to be held in the University of Phoenix Stadium in Glendale, Arizona.
[Read our spam entry Superbowl XLIX in Scam Mails]
While we haven’t seen any outright malicious activity from these web pages, it wouldn’t be too difficult for enterprising scammers or cybercrooks to use these pages to host malware, survey scams, or other threats. As such, users should remain wary of these pages.
Superbowl scams aren’t new; we’ve seen scams take advantage of the Superbowl as early as 2007. And the scams aren’t just limited to the Superbowl. We have seen almost every major sporting event be used as social engineering bait. And the reasoning behind it is pragmatic: the large number of sports fans means a large number of potential victims.
So what can users do?
- Never rely on email links to direct you to websites. It’s become all too easy for scammers to create legitimate-looking emails with links that lead to fake sites. Should you want to buy something, type in the URL of the site. Better still, rely on browser bookmarks.
- Limit your purchases to authorized sellers. It might be tempting to get tickets or merchandise from other (read: cheaper) sources, but these don’t come with guarantees that the items are legitimate.
- Use official sites for sports updates and news to avoid fake and suspicious sites.
- When making online purchases, make sure that the site uses the proper security settings. A good rule of thumb is the presence of HTTPS or a padlock icon in the address bar. This implies that the connection is secured.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale