Special Olympics New York, a non-profit organization that helps provide coaching to competitive sportspersons with intellectual disabilities, reportedly faced a breach of its email server. Hackers leveraged the opportunity to launch an email phishing campaign targeting the registered donors list of the non-profit organization.
Founded in 1970, Special Olympics New York has close to 67,000 registered athletes and around 3,000 coaches. They provide coaching and conduct athletic competitions based on Olympics sports for children and adults having an intellectual disability.
Leveraging the Christmas Holidays, hackers gained access to the email server of the organization and used it to launch an email phishing campaign. The two reasons why this campaign was threatening were:
- Timing of the Campaign – The campaign was launched during a period when most of the users (donors) are spending their holidays with their family and friends. And during such a period, finding a mail asking for donation towards a noble cause will have maximum number of hits. The hackers took advantage of the human psychology.
- Time Frame – In another email sent out by the attackers, they alerted of an impending donation payment of US$194,249 that would be automatically deducted from the donor’s account within two hours. This created panic and a sense of urgency to click on the links that redirected the victims to the phishing page.
“Apologies friends and fans! As you may have guessed, our account was hacked today. Please disregard a message that you may have received about a payment processing. While donating to us is always a good idea, we would never ask in such a grinchy way,” stated an email from Special Olympics New York to its donors. “The hack was to our communication system which only includes your contact information and no financial data. Please be assured that your contact information is protected and has been kept confidential”
Casey Vattimo, the SVP of External Relations for Special Olympics New York said that the issue has been fixed and donors can now continue donating securely without any apprehensions.
Earlier, the authorities of the Tokyo 2020 Summer Olympics issued a warning about an ongoing phishing campaign. The suspicious emails are designed to look like they’re coming from the Tokyo Organizing Committee of the Olympic and Paralympic Games 2020. The authorities stated that the phishing emails will redirect the recipients to fake websites or infect their computer systems with malware if opened.
“We have recently detected emails disguised to look like they are coming from a Tokyo 2020 staff member. Although the email may look official and legitimate, if you have no reason to receive such an email or if the content is questionable, you should not click on the link or open any attached files. It is highly likely that you would be directed to a phishing site or your computer would be exposed to a virus,” the authorities said in an official statement.