Special Olympics Email hacked to trigger phishing campaign

Recently, a New York Special Olympics, a non-profit organization that specializes in mentally disabled athletes, was hacked during Christmas and used for phishing attacks.

The Special Olympics, known as the Special Olympics, is based on the Olympic spirit and is an international sports training and competition for people with intellectual disabilities. According to reports, the New York Special Olympics has provided sports training and athletic competitions for more than 67,000 special children and adults in New York State, including 66835 registered athletes.

“Phishing warning”by Christiaan Colen is licensed under CC BY-SA 2.0

It is understood that in this incident, the attackers hacked into their email server and launched a phishing campaign aimed at fundraisers. The specific content of the email is an upcoming reminder of the donation transaction, saying that it would automatically debit $1,942.49 from the target’s account in two hours. This tricks fundraisers into clicking on the hyperlink in the email and redirects the user to the transaction statement page. The statement reads: “Please review and confirm that all is correct. If you have any questions, please find my office ext number in the statement and call me back.”

In addition, a phishing email also uses a URL for continuous tracking. Once users click, they will be redirected to a page made by the attacker, which is mainly used to steal the credit card information of the donor.

Later, the Senior Vice President of Special Relations for the Special Olympics stated in a statement that the invasion only affected communication systems containing donor contact information and did not involve financial data.

At present, the organization has successfully solved the problem of hacking and has removed the phishing page in time, so that fundraisers can continue to donate safely.

Via: bleepingcomputer