By Kate Northrop
The New Jersey Lottery misspelled the address of their second-chance website on lottery tickets, leading players to visit a malicious website with the potential to install malware on their computer.
According to the Lottery, a state vendor programmed store registers to print an incorrect web address on tickets for playing "Collect 'N Win," a second-chance promotion that has been running for about three weeks.
Bill Bauer, a former software engineer from Edison, said he encountered the error while trying to take advantage of the promotion with the Pick 3 lottery ticket he purchased at the Quick Buy Convenience Store in Edison on NJ-27.
After visiting the website printed on the bottom of the ticket, he instantly knew something was amiss.
"A message came up on the screen, saying 'Your computer has been hacked,'" Bauer recalled. "And it started doing some counting down, and it said you have so many minutes to click 'here' to correct the problem. I knew that it was a malicious website."
Those who visited it may have faced other sneaky attacks such as pop-ups and messages that might prompt an unsuspecting user to click on something they shouldn't. A scammy website like this one might also attempt to load malware or malicious code automatically, even without the visitor clicking on anything.
"I'm sure that other people are not as sophisticated, especially if they go to a New Jersey Lottery-sanctioned site and then are told 'you've been hacked,'" Bauer added. "That almost adds a power of magnitude of authenticity."
After the Lottery was informed of the printing error, New Jersey Lottery Communications Manager Missy Gillespie said that the website should have read "njcollectandwin.com." Instead, the word "and" had been replaced with the letter "n." It is possible that a scammer noticed the misprint and bought the domain to host the fake website.
In an e-mail, Gillespie stated that the Lottery had received 700,000 entries in the past three weeks for the Collect N' Win promotion but had not received any calls or emails regarding the problem. The printing error has since been fixed.
The Lottery is currently trying to identify who created the look-alike website and is investigating what can be done to get it removed. The Lottery also encourages those who have questions or concerns to call 800-222-0996 or email firstname.lastname@example.org.
As of the time of this writing, the fake website is still in operation. Lottery Post visited the website using a "sandboxed" session that prevents infection of the computer, and a screenshot is included below.
The website is intended to mimic the look of common McAfee anti-malware software, stating (wrongly) that the person's computer is infected. The website also plays a loud error tone that is designed to sound like an important alert. If a person were to click the buttons on the fake warning messages, the website would proceed to actually infect the person's computer with malware.
Anyone seeing malicious websites like this should immediately close the browser tab that is showing the page, and be careful to not click any of the buttons on the page before closing it.
(Click to display full-size in gallery)