Hackers Attempt to Hijack Special Olympics New York to Send Phishing Emails to Donors

  • The phishing emails drafted by hackers were camouflaged as alerts for upcoming donation transactions.
  • People affected in the security incident were informed by the nonprofit about the phishing attempts.

Special Olympics New York, a nonprofit organization focused on competitive athletes with intellectual disabilities, was recently hit by a cyberattack. The cybercriminals then launched a phishing campaign against previous donors.

What happened?

Special Olympics New York had its email server hacked around Christmas Eve. The hackers turned this breach into a bigger opportunity, aiming to siphon off $1,942.49 through phishing attacks on previous donors. The phishing emails they drafted were camouflaged as alerts for upcoming donation transactions.

The nonprofit provides inclusive opportunities to more than 67,000 children and adults with intellectual disabilities across New York State.

How did the hackers plot this?

The phishing email asked previous donors to confirm a transaction that would be performed in two hours.

    "Greetings!
    We will debit you for $1,942.49 within 2 hours.
    Here you can preview your statement 12/27 (pdf version)
    Please review and confirm that all is correct if you have any questions, please find my office ext number in the statement and call me back.
    It is not a mistake, I verified all twice.
    Thank you, have a great weekend," read a sample phishing email, BleepingComputer reported.

The hackers created a sense of urgency by setting a short time frame (two hours) to make the Special Olympics NY donors click on one of the two embedded hyperlinks.

The links would redirect to a PDF version of the transaction statement. The phishing emails used a Constant Contact tracking URL that redirected to the attackers' landing page.
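
The indicators described above (a debit amount paired with a short deadline, and links routed through a click-tracking redirector that hides the real destination) can be checked mechanically during mail triage. The following Python is an added example, not part of the original article; the tracker host, the sender domain and the sample message are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: click-tracking hosts seen in your own mail flow (constructed placeholder).
TRACKER_HOSTS = {"click.tracker.example"}
DEADLINE = re.compile(r"\bwithin\s+\d+\s+(?:hours?|minutes?)\b", re.I)
AMOUNT = re.compile(r"[$€£]\s?\d[\d,]*\.\d{2}")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(html_body, sender_domain, tracker_hosts=TRACKER_HOSTS):
    """Return the list of phishing indicators found in one message body."""
    findings = []
    text = re.sub(r"<[^>]+>", " ", html_body)  # crude tag strip for wording checks
    if DEADLINE.search(text) and AMOUNT.search(text):
        findings.append("payment amount with a short deadline")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, label in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        if not host:  # relative or mailto: links carry no host to compare
            continue
        if host in tracker_hosts:
            findings.append(f"link '{label}' goes through tracking redirector {host}")
        elif host != sender_domain and not host.endswith("." + sender_domain):
            findings.append(f"link '{label}' points off-domain to {host}")
    return findings

# Constructed sample modelled on the wording quoted in the article.
SAMPLE = """<p>We will debit you for $1,942.49 within 2 hours.</p>
<p>Here you can <a href="https://click.tracker.example/tn?id=1">preview your statement</a>
12/27 (<a href="https://click.tracker.example/tn?id=2">pdf version</a>)</p>"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE, "nonprofit.example")))
```

A tracking-redirector finding is not proof of phishing on its own, since legitimate newsletters use the same services; it marks links whose final destination has to be resolved in a sandbox before anyone clicks them.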

The response

"As you may have noticed, our email server was temporarily hacked. We have fixed the problem and send our sincerest apologies," Special Olympics New York said in a post on Instagram.

The nonprofit informed the people affected by the security incident about the phishing attempts and urged donors to disregard the last message they received. The organization also stated that no financial data was affected by this incident.

Casey Vattimo, the SVP of External Relations for Special Olympics NY, also said in a statement to the media that donors can now make donations securely as the issue has been fixed.