Special Olympics New York Hacked to Send Phishing Emails

Special Olympics of New York, a nonprofit organization focused on competitive athletes with intellectual disabilities, had its email server hacked around this year’s Christmas holiday and later used to launch a phishing campaign against previous donors.

Special Olympics NY provides sports training and athletic competition to more than 67,000 children and adults with intellectual disabilities across New York State (66,835 registered athletes and unified partners according to this fact sheet).

The nonprofit sent a notification to disclose the security incident to the people affected, urging the donors to disregard the last received message and explaining that the hack only affected the “communications system” that stores only contact information and no financial data.

“As you may have noticed, our email server was temporarily hacked. We have fixed the problem and send our sincerest apologies,” an email notification from Special Olympics New York told donors.

“The hack was to our communications system, which only includes your contact information and not any financial data,” the notification stated. “Please be assured that your contact information is protected and has been kept confidential.”

Phishing for credentials

The phishing emails delivered by the attackers were camouflaged as an alert of an impending donation transaction that would automatically debit $1,942,49 from the target’s account within two hours.

Using such a short time frame allowed the phishers to induce a sense of urgency designed to make the Special Olympics NY donors click on one of the two embedded hyperlinks, links that would supposedly redirect them to a PDF version of the transaction statement.

“Please review and confirm that all is correct, if you have any questions, please find my office ext number in the statement and call me back,” the phishing emails said. “It is not a mistake, i verified all twice. Thank you, have a great weekend.”

The phishing email utilized a Constant Contact tracking URL that redirected to the attackers’ landing page. This page has since been taken down but was most likely used to steal donors’ credit card details.

In a statement, SVP of External Relations for Special Olympics NY Casey Vattimo said that donors can now make donations securely as the issue has now been fixed.

Additionally, all amounts donated to Special Olympics NY through December 31 will be tripled courtesy of Finish Line. If you wish to, you can donate by going to this donation page.

Olympics staff targeted in cyber-attacks

In related news, Tokyo 2020 Summer Olympics staff also issued a warning about a phishing campaign that delivered emails designed to look as if they came from the Tokyo Organizing Committee of the Olympic and Paralympic Games (Tokyo 2020).

They also said that the malicious emails most likely redirected the recipients to phishing landing sites or infected the victims’ computers with malware if opened.

Last year, in February 2018, destructive malware dubbed Olympic Destroyer was used to sabotage systems of the Pyeongchang 2018 Winter Olympics as part of a coordinated attack that led to IT problems during the opening ceremony, such as failing Internet and television systems.

Two weeks before the Pyeongchang incident, McAfee researchers also released a report on a PowerShell-based malware strain that was used to target the same Olympics organizers right before the event’s start.
