By Nathan Wenzler, Principal Security Architect, AsTech Consulting
As the 2016 Summer Olympics in Rio de Janeiro approaches, so does the inevitable rise in attempts by cyber-criminals to use global events to their advantage.
Like any other major sporting event in the world, including the World Cup, NCAA Tournament or the Super Bowl, the passion and enthusiasm shared by fans across the globe makes for a perfect environment to target people with social engineering attacks, phishing emails and malicious websites that are tailored to the event. Plus, fans and participants aren’t the only ones being targets. Sponsoring businesses should be wary of these types of ploys as well, and has been seen in the past, the Olympics organizations will be targets of Denial of Service (DoS) attacks and other more disruptive attacks as well.
The various scams that we’ve seen before at these sporting events have been well documented. Already, we’re starting to see the same happen for the 2016 Summer Olympics, and these attacks are getting more and more sophisticated. As reported in securelist.com, the phishing emails are the typical attempts to get malware loaded via attachment or to redirect you to a fake website where they try to get you to input your personal information, but the scammers are also registering their domain names and using SSL certificates to feign legitimacy to the casual observer. Because of this, it’s becoming more and more imperative that everyone increases their awareness and questions anything that might seem the slightest bit out of place in relation to the Olympic Games.
While technology and security firms across the globe are rallying together to protect all of the information and technology assets involved with hosting the Olympics, there is much that each of us can do individually to protect ourselves during this time of increased malicious activity. Here are four suggestions you can tell your users to follow to minimize the risk of falling for one of these scams:
*Don’t click on links in emails. This is the same advice that is always given in regards to phishing emails, but as there is likely to be more and more of these emails sent, most of which will look legitimately related to the Olympics, it’s important to keep this basic piece of advice in mind and not click on links within email. If an email is sending you to a site related to one of the sporting events or sponsor companies, be sure to go to that site directly yourself to verify the information.
*Do not use the same password on Olympics-related sites. There will be many companies running campaigns during the Olympics, asking you to sign up to get the latest news or participate in a free giveaway. Like any other situation, but especially in this case, do not use a password on these sites that you use anywhere else. Not only could the sites be a scam, but even if it is a real site from a valid sponsoring company, keep in mind that these companies will also likely be under attack from cyber-criminals looking to steal this kind of sensitive data as well. So, secure your passwords and login information well from these sorts of promotions.
*Don’t download files, videos or other promotions. Did you miss your favorite event because it aired at 2 a.m.? Avoid the temptation of downloading videos, recaps or other files from unauthorized sites simply because it’s easier. This is a simple way for malware and other malicious programs to make their way on to your system and allow hackers to steal your information.
*Do keep your system up to date with the latest patches and anti-virus signatures. By now, everyone should be fairly used to patching their systems and running some form of anti-virus/anti-malware software. Make sure to periodically check these updates and run them at least once a month, if not more often. This can help reduce the potential of well-known malware from being installed on your systems, even if you should accidentally click a link in an email or download malicious files.
These simple steps will negate most every type of phishing scam or social engineering attempt performed electronically, and protect you and your information from ID theft and financial fraud. Remember, also, that most legitimate sites aren’t going to ask you for personal details. You should never give up any information that might allow someone to access your bank accounts, email accounts and other areas that are private. Information such as your social security number, password, answers to your standard security questions (i.e., “What was the name of your first pet?”), and even your name, address and phone number can all be used to try and acquire access to your financial records and other personal information.
As with any major sporting event, awareness is key. It is important that we all continue to be vigilant for these kinds of scams which look to take advantage of the enthusiasm we have during these global competitions. This will not only help to keep you and your information safe, but will allow you to worry less about malware and enjoy supporting your country throughout the Olympics.
Nathan Wenzler is the Principal Security Architect at AsTech Consulting, an information security consulting firm.