REPORT: Phishing in Q3 2021

REPORT: Phishing in Q3 2021
Phishing, Olympic Games 2021, EURO 2020, F1 Grand Prix, Scam, Online scam
Written by Wilbur Woodham

Phishing was always a serious threat. It is hard to calculate the amount of scammed people through the last two decades, when it appeared and developed. I think that almost everyone who has a regular Internet connection saw a phishing page or banner at least once. But since the start of the pandemic, phishing has become even more unpredictable, obtaining forms that were not seen before.

Phishing in Q3 2021: general themes

One of the biggest sources for a disguise for phishing campaigns in 2021 was the Olympic Games in Tokyo, EURO 2020 and F1 Grand Prix. Previously, such a spike in fraudulent activity was witnessed in 2018, during the World Football Championship in Russia. Ironically, a Russia-oriented scam was on top in 2021, too, along with the aforementioned scam on the sport events theme.

World Footbal Cup 2018 scam

There were n categories of phishing pages – fake translations, fake ticket services and fake lotteries (giveaways). In fact, all these types have a single target – to get your personal data and/or banking information. They mimic the official pages, trying to bait you to type your credit card number and CVV code. Pretty much the same as all other phishing examples – but just look at how they offer it!

Fake tickets for the event: never seen you, never sold you that ticket

A lot of people were trying to get a ticket to the stadium, where the event takes place. When the official sources stopped the ticket selling, the only remedy left was the resellers’ web pages. Those are held by enterprising people who purchased the tickets earlier and now resell them at a higher price. There is no guarantee that the site you’ve found is legit, and you will get your ticket – you can rely only on the rumours and “global experience”.

Fake tickets EURO 2020

But in the haste of the sporting events, people just forgot to check all needed things. They typed their data on fraudulent websites without a doubt. One page just steals the banking card info, others also charge you with the sum “for a ticket”. This or another way, you have your card stolen, and you would be a big lucker if your bank has local affiliates, where you can re-emit your card.

Pseudo-streaming of the sporting games

Besides the folks who would like to see the live sporting competitions, there are also enough people who prefer to watch the streams of the events. Scammers took care of them, too – offering a huge amount of websites that offer to see the live videos of ongoing competitions. In fact, these badly designed pages, full of disgusting ads and links, do not provide any streams. They may show you the preview of some sort, and then ask you to pay a relatively small sum for getting access to all broadcasts. You will not get any functions at these pages, instead, your banking card data will be transferred to the crooks.

F1 Grand Prix phishing scam

Lotteries: an attraction of unprecedented generosity

Malware distributors are always forced to invent something new. Old methods are getting less effective, since even the most reckless users can recognize the fraud and avoid it. But in some cases, email spamming with letters like “you won a prize”, or showing the ads with this content is effective. They disguise this fraud as a lottery timed to the Olympic Games in Tokyo, or to the Grand Prix race. In the cases when such spam appears on your email, the letter will state that your email won (even if you did not use it in any events like this).

Email scam lottery

“You won a prize” with mentioning your IP address is a winner is even more comical, but has the same result. Both banners and emails contain a redirect link that leads to the website where you are instructed.. to specify your bank card info – in order to pay commission for money transfer on your card. You will see neither won money nor your own money – crooks will just steal them from your bank account.

Assuming the phishing on sport events

Seems that crooks did their own Olympic games, in the disciplines of “who makes the most attractive fraud”, “whose site will not be banned for the longest time” and “who will steal more bank cards”. Additional discipline was “spend the least money on site design and server maintenance” – the fake pages were hosted on the cheapest domains and hostings.

As always, fraudsters played on the people’s greed and haste. Super-attractive prices and scarce time did their job – people were typing their card information without any doubts. The fact that the old-as-the-world scheme still works says a lot about the level of knowledge about online security among commoners.

The number of scammed users is unknown, and it is hard even to say about estimates. These frauds were touching much more than just the people who watched the sporting events. Adware maintainers were not choosing only the people who are interested in it – they display the ads to everyone.

Out-of-context phishing frauds

It is obvious that crooks don’t turn active only when there is a suitable event to mimic. During Q3 2021, they spammed a lot of users with some fictional news – with an offer to get a prize, of course. And I am talking not only about a classic “You have made the 5 billionth search” scam – they are trying to find a better disguise now. At least, the ones who created the newest spamming campaign did something really original.

“IKEA 80th anniversary”, “TESCO 100th jubilee” – we witnessed many variations. You may easily bust each of these “celebrations” by just googling the real age of companies. IKEA will celebrate its 80th anniversary only in 2023, and TESCO had its 100th birthday two years ago – in 2019. As usual, those scams were aimed at your banking card info.

IKEA TESKO phishing scam

Sometimes, they fall to the banal “giveaways”: fill the fields to receive the prize that’s already waiting for you. In that blank, you are asked about your personal information (name, surname, delivery address, email, phone number, etc.). Sure, it is less dangerous than stealing the banking card information, but does it matter? You will not lose your money, but your email and phone number will be flooded with spam messages. “Buy iPhone for $10!”, “Decrease the energy bills with this device!” – a perfect headache source, isn’t it?

Russia is in scammers’ scope

Russia, along with all other Commonwealth of Independent States countries is considered as the source of all major ransomware families. Seems that cybercriminals from Western countries decided to commit revenge in that way. A massive amount of scam pages appeared, offering different giveaways like the aforementioned “IKEA Anniversary” frauds. It is hard to trace the origins of those pages, but the poor translation together with mistakes in facts about used disguises says a lot about their origins. At least they are not Russians and unlikely Slavic at all.

To target Russians, fraudsters wore the skin of well-known retailers from the Russian Federation. Perekrestok (“The Crossroad”, chain of supermarkets), Detsky Mir (Children’s World, kid stuff shops) were the most used names. The scheme is pretty the same: we provide a giveaway, you won, type us your bank card numbers to get your prize (or personal info to get your prize shipped to your door). Is it worth repeating that you will not receive a thing?

Detsky Mir scam

Cookie selling pages

Another type of scamming that was aimed at Russians was the cookies selling. That tricky fraud not only drags out your credit card data but also forces you to give your cookie files to the crooks. This is even more dangerous, since cookie files may contain even more sensitive data. Login information to the websites you use, search queries, advertising preferences – all these things may be found in cookies with the use of specific software. Sharing them is very risky, and getting paid for it is a very stupid way to say “goodbye” to your privacy.

Cookies selling scam phishing

Fraudsters offer up to $5000 for your cookies. As in all other cases, you will not get any payment, and the bank card details you type on the website will be used for online purchases, or for stealing the money from your card. Sometimes, they offer you to use their own payment system – declaring that it is safe and you will not expose your bank card in any way. In that situation, they ask you to pay a certain sum (500 Russian roubles, about $7) to “activate your wallet in the payment system. Surprisingly, for that purpose, they use a legit payment system – Russian “МИР” (WORLD)1. Your card will really remain unexposed, but then, they just disappear with that sum and your cookies.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)


  1. Article about this payment system on Wikipedia.
REPORT: Phishing in Q3 2021
REPORT: Phishing in Q3 2021
Phishing in the third quarter of 2021 obtained the form of websites related to sporting events. Besides that, there was a massive attack on Russian users.

About the author

Wilbur Woodham

I was a technical writer from early in my career, and consider IT Security one of my foundational skills. I’m sharing my experience here, and I hope you find it useful.

Leave a Reply