The upcoming Olympics in Rio de Janeiro pose as an immense opportunity for cyber criminals to deprive consumers of their financial data as enthusiastic fans seek sports scores and updates on their favorite athletes.
Hackers are prepped and eagerly awaiting the occasion for unsuspecting fans to click on links and purchase cheap tickets to events as they did during the 2012 London Olympics and the 2014 World Cup in Brazil.
A spike in the number of phishing attacks and email scams meant to imitate promotions for the upcoming Olympics has already transpired to infect consumers with malware and obtain their personal and financial data, said Thomas Fischer, principal threat researcher at Digital Guardian, a Waltham, Mass.-based cybersecurity firm.
"These attacks are typically associated with the Olympics by using the same branding for scam emails or websites," he said. "The Olympic organization can play a part in helping by reporting potential scam scenarios to the proper authorities and notifying the public."
By May, fraud experts were already aware of reports of phishing attacks, email scams and spam messages, said Dan Lohrmann, chief security officer of Security Mentor, a Pacific Grove, Calif.-based security awareness training provider.
"We have seen threat actors registering domains with names containing words such as Rio and Rio2016," he said. "Other scams use fake website names as an alias for another dangerous website delivering malware downloads."
The enthusiasm from fans only entices the hackers to target them along with businesses sponsoring the events through denial of service attacks, said Nathan Wenzler, principal security architect for AsTech Consulting, a San Francisco-based independent security consulting company.
"As the 2016 Summer Olympics in Rio approaches, so does the inevitable rise of attempts by cyber criminals to use this event to their advantage," he said. "Like the World Cup or the Super Bowl, the passion shared by fans across the globe makes for a perfect environment to target people with social engineering attacks, phishing emails and malicious websites that are tailored to the event itself."
When major events are held such as the Olympics, cyber criminals "exploit this global news event to manipulate, deceive and defraud consumers," said Joram Borenstein, a vice president of marketing of NICE Actimize, a New York-based financial crimes software solutions provider. "There's little reason to expect that 2016 will be any different."
The reason hackers are fond of holidays, well-known discount shopping opportunities like Black Friday and ceremonies is because people are increasingly attached to their smartphones and tablets and fond of the "always-on" media cycle, he said.
"Most people will click on anything seemingly noteworthy that appears in their social media feeds, their email inboxes or whatever other app that they use to keep up with the headlines," Borenstein said. "In fact, the more outlandish the headline, the more likely it is to trick people, especially when the headline is of a time-sensitive nature."
A surge in clickbaiting, waterholing, malvertising and other forms of social engineering should be anticipated such as fake headlines or attachments of photos from athletes allegedly setting records or video clips "claiming to show neck-and-neck finishes," he said.
When a headline or an announcement about an athlete or a sports event "appears almost too good to be true," consumers should reconsider it before automatically clicking on it, preventing hackers from getting the upper hand.
"The more outlandish it is, the more likely it is to be a fake," said Borenstein.
Don't Click on Links and Change Passwords
During the 16-day period of the Olympics when malicious activity increases, consumers can ensure they are not victims of the hackers by not clicking on links in emails, because more of them will be phishing ones, said Wenzler. Even ones that appear to be legitimate because they are using the Summer Olympics logo or is related to one of the sporting events or sponsor companies, skip the link and go directly to the website to verify information.
Even on legitimate news or Olympic-related sites, use different passwords to sign up for news alerts or a free giveaway.
"Do not use a password on these sites that you use anywhere else," he said. "Not only could the sites be a scam, but even if it is a real site from a valid sponsoring company, keep in mind that these companies will also likely be under attack from cyber criminals looking to steal this kind of sensitive data as well."
Advertising banners or links attracting fans to purchase Olympic-related items for purchase such as T-shirts, hats, as well as cups related to Olympic teams and medal winners are another strategy to entice people to click on links, said Lohrmann.
"Expect to see more websites popping up and scams with the names of global winning athletes, especially Americans winning gold medals," he said. "The bad guys will pretend to offer whatever is viral in order to get you to click."
Downloading files or videos is also another way for cyber attackers to prey on people. Even if your favorite event or athlete competed at 2 a.m. and you did not get a chance to watch, hackers are planning to use malware and other malicious programs to enter your email and steal your information.
"Avoid the temptation of downloading videos, recaps or other files from unauthorized sites simply because it's easier," Wenzler said.
The latest patches offered by software and anti-virus companies should be heeded and not ignored.
"By now, everyone should be fairly used to patching their systems and running some form of anti-virus or anti-malware software," he said. "Run these updates at least once a month, if not more often. This can help reduce the potential of well-known malware from being installed on your systems, even if you should accidentally click a link in an email or download malicious files."
Before the Olympics start on August 5, determine which websites can be trusted, said Lohrmann.
"Before, during and after the Olympics, stay on those websites, especially if are using a credit card to buy something," he said. "Know where your children are going and ensure they are safely watching Olympic content."
Websites that stream Olympics coverage could also come with numerous scams, said Joe Carson, head of global strategic alliances at Thycotic, a Washington, D.C.- based provider of privileged account management solutions.
"These scams can result in stealing the victims' credentials, passwords, credit card information and infecting their computer or smartphone with malicious software or even ransomware," he said. "These can lead the unknowing victim to spread malware to family and friends, losing sensitive data or a major financial impact."
Even messages from friends through social media should be regarded as suspicious because determining if the links are authenticate is not always easy.
"Many scams are so good these days that they are almost impossible to detect, Carson said. "Use the latest web browsers and do not enter information into these websites as it is a high probability that they are scams and unfortunately, you will be the next victim."