On Christmas Eve, Special Olympics of New York’s email server was hacked and used to send phishing emails to previous donors. The hackers behind the attack aimed to steal $1,942.49 from each recipient. The phishing emails used alerts about an upcoming donation transaction as bait. The donations involve more than 67,000 children and adults with intellectual disabilities across New York State. According to the Special Olympics of New York’s Instagram post, “As you may have noticed, our email server was temporarily hacked. We have fixed the problem and send our sincerest apologies.”
The phishing email asked the previous donors to confirm a transaction that would be performed in two hours: “Greetings! We will debit you for $1,942.49 within 2 hours. Here you can preview your statement 12/27 (pdf version) Please review and confirm that all is correct if you have any questions, please find my office ext number in the statement and call me back. It is not a mistake, I verified all twice. Thank you, have a great weekend.”
The hackers set a short time frame of only 2 hours for Special Olympics of New York donors to click on the malicious hyperlinks embedded in the emails. This is a psychological technique that creates a sense of urgency, so that recipients do not have time to think the message through and recognize the trick. The phishing emails used a Constant Contact tracking URL, and the embedded links led to a PDF file with the transaction statement on it.
According to the statement made by Casey Vattimo, the SVP of External Relations for Special Olympics NY, the organization has already urged the donors to disregard the last received message. In addition, they announced that no financial data was affected by this incident and the issue has now been fixed.