Scammers Go for Gold: Rio 2016 Olympics Cybersecurity
As the Olympics draw to a close this coming Sunday, we can reflect on these two weeks full of the sport, glory, and friendly competition that the Games are meant to bring to the world stage. However, this year’s Olympics in Rio De Janeiro have also been riddled with security threats. Be it participants & journalists being robbed at gun point when venturing outside of the Village at night, terrorist threats, or multiple limbs washing ashore on Rio beaches—these Olympics have been full of terrifying surprises. But one of the greatest dangers facing the Games that does not get as much attention is cybersecurity. Any event that is presented on such a grand scale attracts not only millions of spectators, but hackers as well—and none are quite as famous as the Olympics.
“Cyber intelligence companies and western government officials warn that the two-week sporting festival, which began last Friday, could lead to some of the highest levels of cybercriminal activity in years.” — Financial Times
Phishing
Brazil is known for having one of the weakest cybersecurity defenses year round, so having the public eye completely focused on them means a challenge for cyber experts in the country and across the globe. The biggest cyber threat facing people in Brazil and around the world is phishing. In fact, Kaspersky Lab has seen an 83% jump in phishing attempts surrounding the months leading up to and weeks during the Olympics. Scammers are doing this by buying low-cost SSL certificates to make their fake websites appear authentic and trustworthy by using domains that include “Rio” or “Rio2016” and many are using these malicious URLs as a delivery method for ransomware.
Many of these phishing scams include fake ad banners that have similar logos to the Official Rio 2016 sign. Some make bogus promises like the recipient of the email has won an all-expenses paid trip down to Rio for the Games in a lottery-style announcement, while still others claim to be selling magic pills that would allow the user to become an “Olympic-level Athlete.” While these situations are ridiculous and even laughable, far too often, people click on the links only to find those hopes have been squashed.
How to avoid: The best way to avoid being caught in a phishing/ransomware scam is to not click on any email or links sent to you by people you do now personally know. If you do decide to click on a link, make sure that it has the secure “https” in front of the web address in order to ensure its validity. If an email from a random person seems too good to be true, it likely is.
Fake Rio 2016 Apps
In addition to the email phishing scams surrounding the Olympics, the Rio 2016 app—meant to keep fans and spectators up-to-date on things like breaking news and medal count per country—has 4,500 copycat versions across Android and iOS platforms that are malicious and could potentially put your smart phone at risk. Many attempt to take over the infected phone or the victim’s social media accounts and some steal data right off of the smartphone itself. If a victim had sensitive information on her phone such as banking information, this would have been an even greater loss all because of a malicious app download.
How to avoid: The best way to avoid this is only downloading apps from trusted sources and not third-party app download providers. Of course you want to stay updated on just how many medals Simone Biles or Michael Phelps have won, but by using the legitimate Rio 2016 app, you can feel more assured that your phone is not compromised in the process.
Tourist Cyber Threats
Now, for those who decided to make the once-in-a-lifetime trip down to Brazil to witness the Games in person, there are many different, targeted threats that you may be facing. Bank fraud, insecure Wi-Fi, and stolen electronics are among the biggest threats to tourists at the Summer Games this year. Here are some tips for avoiding these in-person cyber threats:
How to avoid:
- Don’t use insecure Wi-Fi—Especially for sensitive professional or personal information, using unsecured Wi-Fi connections could result in your data being compromised and possibly stolen. Use this time for vacation and not work so as to protect your employer and the company you work for.
- Keep your electronic devices with you at all times while traveling—Our mobile devices have so much personal information on them now, so by keeping them on our person or somewhere else where we know they will be safe, we can lessen our chances of data being stolen in that way.
- Do not give out your information to anyone who does not need it—Banking, personal, and other information could be dangerous if they fell into the wrong hands. Make sure you do not give any of this out to people who are not required to have access to it. Giving out your bank information specifically, is a surefire way to get your accounts wiped out or other information linked to them stolen or compromised.
- Monitor your bank accounts while abroad—Though you should always monitor this information, when travelling it is especially important to be aware of when your money is going. If something looks fishy, notify your bank immediately. When in doubt, exchange your money for the local currency so as to further protect your bank accounts.
- Keep your passport close and other IDs close—Though this has less to do with cybersecurity and more personal security, in addition to bank fraud, your passport in the hands of a criminal makes it that much easier for your identity to be stolen. By keeping your passport safe, you’re protecting yourself in the long run as well.
The Olympics are meant to promote unity across nations through friendly competition, but hackers will always view global events such as this as huge targets for attack. By being informed and informing others of potential risks, we can help protect against these threats and enjoy the Games as they were meant to be enjoyed.
Hailey Carlson | Axiom Cyber Solutions | 8/18/2016
