Beijing Olympics Ticket Website Scam:
August 4, 2008, Cnn.com
The IOC and the USOC filed lawsuits on July 22 against several Web sites -- primarily www.beijingticketing.com and www.beijing-2008tickets.com -- for illegally using Olympic trademarks to dupe customers into giving them credit card, passport and banking information. Several consumers who purchased tickets from the site contacted the USOC when they did not receive tickets, despite numerous calls and e-mails to the Web sites founder, according to a USOC press release.
The scam has hit Olympic fans in the United States, Australia, New Zealand, England, Japan, China and Norway, according to media reports. This website was developed by an expert hacker who beleived to be arrested in London and managed to steal the victim's data. The hotline has received hundreds of calls from around the globe with consumers detailing losses as high as $57,000. That site is now shut down and no contact information is available.
The site www.BeijingTicketing.com priced tickets for Friday's Olympic opening ceremony at about $2,000, with events such as swimming selling for between $300 and $500. The site is the first entry that comes up for a Google search for "Olympic tickets," second only to the authorized dealer of Olympic tickets, www.cosport.com. The Web site ww.beijingticketing.com site lists a London phone number, which rang unanswered. The site lists an office address in Arizona.
Source: http://edition.cnn.com/2008/CRIME/08/04/olympic.scam/index.html?eref=yahoo
------------------------------------------------------------------------------------------------------------------
Preventive Measures To Take To Avoid These Attacks:
1. The user should check the details of the website first if he is
not sure if the website is authentic or not. He should do WHOIS lookup. WHOIS
is a database which lists every registered domain name in the world. It tells
information about the domain owner, contact information and duration of the
domain ( For how long it has existed) The website for WHOIS is
"https://www.webnames.ca/whois" . (Khadija tul Qubra)
2. The user should check the URL of the website during creating
account, logging in and on payment pages. If the URL is secure it will appear
as a green name/ a lock and HTTPS with site name on the URL tab. Many fake
websites do not buy Secure Sockets Layer (SSL) certificate. SSL certificates
secure the transfer of data when the user submits sensitive information
(creating an account, or submitting payment info) and cost money.
(Khadija tul Qubra)
3. The user should act wisely in any
situation that asks for his credential and personal information as his credit
card number, password...etc. For that the user has to make sure before
submitting any important information especially the financial ones. Hence, the
user should call the company that is responsible for that website before transferring
the money in order to make sure that his account and sensitive information will
be save. Furthermore, the user should not enter the right password at first.
Entering a wrong password will help in detecting the phishing website. For
instance, if you have signed in immediately without a notification message that
your password is incorrect that means it is a fake website. (Haya
Al-Shareef)
4. Before paying to any website the user should
look at the website name. Usually phishing/fake websites names looks correct
but it actually contains misspelling from the actual website name. They may add
character or a letter before, after, or within the website name that the user
may nor pay attention to it. Finally, to be in the save and secure side use web
browsers that detect any phishing or fake websites as: Internet Explorer, and
Mozilla Firefox because they have add-ons (plug-ins) that can really help the
user to detect any phishing sites. (Haya Al-Shareef)
5. The user must check for the contact information of the website,
Any company that is offering products or services must have physical location
as well as phone number, email and fax. If the website doesn't have any
contact information this might be an indicator that the site is a fraud.
Difficulty to come up with contact information about the site or company is a
reason to be concerned and cautious. If the site does have a phone number but
it can't be reached during office hours that is also a sign that the site is
not legitimate.(Gheidaa Alrifai)
6.
User must check for the privacy and policy page. All major sites will have a
privacy and policy page that informs the user on how they are protecting the
user's personal information such as credit card numbers, and how they plan to
use this information or whether they will share or sell it to a third party.If
the site doesn't have this page the user must be cautious. (Gheidaa Alrifai)
No comments:
Post a Comment