Special Olympics New York provides inclusive opportunities for people with intellectual disabilities to compete in Olympic-style, coached sports.
Unfortunately, the nonprofit organization was hacked during the Christmas holiday and the attackers later used its email server to launch a phishing campaign against its donors.
“Friends, Boo! As you may have noticed, our email server was temporarily hacked. We have fixed the problem and send our sincerest apologies. While donating to Special Olympics NY is always a good idea, we would never ask in such a
“We immediately heard from so many of you and for that we are grateful.
We are sorry for the inconvenience and hope you are all enjoying your holiday season!”
The organization disclosed the hack and announced that it had locked out the attackers. It also sent a data breach notification to affected people, recommending that they disregard the last message received from the organization.
Special Olympics New York reported that the intrusion affected only the “communications system” that contained donors’ contact information, and pointed out that no financial data was exposed.
The phishing messages sent to the donors alerted them to an impending donation transaction that would automatically debit $1,942.49 from the target’s account within two hours.
With this pretext, the attackers aimed to trick the victims into clicking on one of the two embedded hyperlinks, which redirected them to a PDF version of the transaction statement.
“Please review and confirm that all is correct, if you have any questions, please find my office ext number in the statement and call me back,” read the content of the phishing emails. “It is not a mistake,
The phishing email utilized a Constant Contact tracking URL that redirected the victims to a page designed to steal donors’ credit card details.
Casey Vattimo added that users could now make donations without problems and that all amounts donated to Special Olympics NY through December 31 will be tripled courtesy of Finish Line.
(SecurityAffairs – Iran, hacking)