The email server for Special Olympics of New York was temporarily hacked, subsequently launching a phishing campaign.
The nonprofit organisation focusing on competitive athletes with special needs, announced in an email notification that it had its email server hacked over the Christmas period.
The compromised email server was then used to target donors with phishing emails telling recipients that an automatic donation of $1,942.9 would register on their accounts in the next two hours.
The email then requested recipients to view a PDF statement, embedded into a link, to verify the transaction details.
The phishing email uses a Constant Contact tracking URL which redirects recipients to the attacker’s landing page. The page was most likely used to steal recipients’ personal and/or financial information.
“While donating to us is always a good idea, we would never ask in such a grinchy way. The hack was to our communications system, which only includes your contact information and not any financial data. Please be assured that your contact information is protected and has been kept confidential,” the notification said.
Casey Vattimo, SVP of External Relations for Special Olympics NY, confirmed that the issue is now fixed and donors can securely make donations again.
The post #Privacy: Special Olympics New York discloses hacking incident appeared first on PrivSec Report.