CASE STUDY


"" In this page we will have an example about phishing website from real life, and we will discuss how to protect yourself from this issue. this case about Olympics ""


Lawsuit: Shut down fake Olympic ticket Web sites

August 4, 2008, Cnn.com


The IOC and the USOC filed lawsuits on July 22 against several Web sites -- primarily www.beijingticketing.com and www.beijing-2008tickets.com -- for illegally using
Olympic trademarks to dupe customers into giving them credit card, passport and banking information. Several consumers who purchased tickets from the site contacted the USOC when they did not receive tickets, despite numerous calls and e-mails to the Web sites founder, according to a USOC press release.




The scam has hit Olympic fans in the United States, Australia, New Zealand, England, Japan, China and Norway, according to media reports. This website was developed by an expert hacker who beleived to be arrested in London and managed to steal the victim's data. The hotline has received hundreds of calls from around the globe with consumers detailing losses as high as $57,000. That site is now shut down and no contact information is available.



The site www.BeijingTicketing.com priced tickets for Friday's Olympic opening ceremony at about $2,000, with events such as swimming selling for between $300 and $500. The site is the first entry that comes up for a Google search for "Olympic tickets," second only to the authorized dealer of Olympic tickets, www.cosport.com. The Web site ww.beijingticketing.com site lists a London phone number, which rang unanswered. The site lists an office address in Arizona.



Source:

Beijing Olympic Ticketing Cyber Crime Analysis
What are the things that users should do to prevent such attacks?

First countermeasure means an action, device. Or procedure, or technique that reduces a threat, vulnerability or an attack. it is considered phishing; To avoid being exploited by attacks targeting websites, certain technical measures can be implemented to help prevent and detect any abnormal incidents. As there is no guarantee of a perfectly secure website, a proper incident handling procedure should be implemented.


1.         Ensure that your operating system and key system component such as the web browser is fully patched and up to date. “ PDF ”. We should check our browsers, at least weekly or monthly for new updates, install new versions; this will avoid you from getting attacked, because they develop the security system and privacy in every update.

2.         Ensure that you keep up a successful programming (software)  to battle phishing. for example Norton™ Internet Security detect and automatically block fake websites.  SOURCE “. Even theirs other software similar to Norton you can install immediately,  it will block fake websites from your browser and make you secure.

3.         Check the website URL that “before the website name”, check the email address. Check to see whether the address/URL matches that in your statements or previous correspondence with your financial institution. “SOURCE“ Because sometimes they change only one letter or symbol, so you should be aware of that thing and see it before you enter any personal information about you even look at the duplicate image of a real company, and Copy the name of a company or an actual employee of the company then compare it. For example like this the real website for Olympics (http://www.olympic.org/), but this is fake website (http://www.olympc.com/ ) the different two is only one latter if we didn’t focus will not discover it because when you look once fast your mind will see the real latters, but if you look again your mind will focus on the latter and aware you that not correct.  
(Albatool Alukayli) 

4.         Check with the event organizer, promoter or venue how and when tickets are being distributed. To make sure in which website it will be available and when the time of ticket selling due date So do not exposed to stolen from the fake website and person   

5.         Check where the company’s office is and whether they have a landline in this country and a proper address rather than a PO Box. Because to know about it and make sure do not be fooled or be fake company it's better contact them immediately, after we confirm from them we can buy the ticket from website with confidence.

6.     Check your online accounts and bank statements regularly to ensure that no unauthorized transactions have been made, it's important to check your bank statement to know no unauthorized access and check it with the bank and report to the bank quickly if there any doubt

        (Latifa Altwaem)    


ê For more information about the attack please visit our          classmate “blog1”and  “blog2”.






















No comments:

Post a Comment