Hackers employed a new strategy to phish users. This time, they hacked Special Olympics New York to execute their phishing campaign.
Special Olympics New York Phishing
Reportedly, Special Olympics New York suffered a hacking attack, after which the attackers exploited its platform. As revealed by Bleeping Computer, the hackers then misused the organization's account to send phishing emails to previous donors.
The phishing emails to the donors included a strange message stating that the organization would automatically debit a hefty amount.
We will debit you for $1,942.49 within 2 hours.
The next phrase of the message contained an embedded link that supposedly led to the recipient's statement.
The sense of urgency was meant to push the recipient into clicking the link and potentially falling victim to the phishing attack. The message contained a Constant Contact tracking URL that redirected the recipient to the attackers' phishing site.
Here is a copy of the phishing email.
Special Olympics NY Apologized
Following the attack, Special Olympics NY sent a genuine message to recipients after recovering their account. They confirmed that some hackers misused their account to send fraudulent emails.
Apologies friends and fans! As you may have guessed, our account was hacked today.
They further asked all the recipients to disregard the phishing email, as they would never ask for donations that way.
They also assured everyone that the incident only impacted their communication system. Users’ financial data remained secure.
The hack was to our communication system, which only includes your contact information and not any financial data.
Below is a copy of the genuine email from Special Olympics NY to the users.
Recently, a similar phishing attack aimed at pilfering financial data targeted Spotify users. Likewise, another phishing campaign targeted Stripe users in October. However, the recent incident with Special Olympics NY is distinct in that the hackers hacked the organization’s email account to send phishing emails.
Stay safe, everyone.