Brazilians targeted in free Olympic ticket giveaway phishing scam

The 2016 Olympics may be winding down, but cyber-criminals are not slacking off in their efforts to use the sporting event as a way to lure victims.

Trend Micro said Brazilians have borne the brunt of these attacks, with many phishing campaigns dangling the prospect of free event tickets if they click on a link. The cyber-gangs are using typical social engineering tricks, topping the emails with subject lines like “Congratulations You Just Won 2 tickets for the 2016 Olympics,” but instead of heading off to a sporting venue, the recipient will be hit with malware, most commonly the Banker banking trojan, wrote Fernando Mercês, Trend Micro senior threat researcher.

Complicating the issue, Mercês said, is the fact that cyber-crime tools are readily available on the regular web, enabling beginners to quickly begin operation of their own criminal syndicate. And for those uninterested in running the software, Trend Micro has seen cases of banking trojans being offered as a service.

“A cyber-criminal, dubbed as Ric, advertised a banking trojan, and its infrastructure, to aspiring cyber-criminals who want to make a name for themselves,” Mercês said. “Just as some Brazilian cyber-criminals remain unfazed by law enforcement, Ric also posted his ads via YouTube.”

One ad offered Brazilians training in running a banking trojan scam for about US $470 (£360). For that price the future criminal received tutorials on setting up a command-and-control server, configuring malware kits and developing keylogger and phishing pages, Mercês said.