Dan is a 20-year veteran of the ICT industry working for global and local vendors in bringing new and innovative technologies to market in the ANZ region. During his career, Dan has been passionate about bringing a local voice and insights to global technology challenges. As the Editor of GetCyberResilient.com, Dan casts a keen eye across the hot topics, trends and pulse of local security practitioners to curate stories from near and far that are most impactful in addressing our evolving risks.
The Scammer Olympics: How hackers use spectacle to defraud users
Whenever there’s a big cultural event, especially an international event like the Olympics, scammers are going to jump on the opportunity to ply their trade.
This time around, industrious cybercriminals are getting extra creative and coming up with all sorts of new campaigns, doing everything from harvesting credentials to even targeting the games themselves. We talk more about the cyber risks of the Olympics in episode #63 of the Get Cyber Resilient Show podcast, so do give it a listen.
Scammers trying to use the Olympics as cover for scams is nothing new; every major event attracts its fair share of bad actors. In the early days of the pandemic, we saw tons of COVID-19 scams, from fake online shops popping up overnight selling masks to fake COVID-19 tracking apps and a torrent of scammy emails exploiting people’s anxiety and fears around the virus.
We dive into more detail about the cyber risks to organisations in the ‘Risk Radius of Tokyo 2020’ webinar, but for most people, the real danger lies in fraud. The Olympics represent a great opportunity for hackers: they know that piggybacking on the buzz of the events is a great way to sneak past the better judgment of sports fans and trick them into a scam.
Olympic hackers are doing everything from harvesting credentials, stealing personal information and tricking their targets into installing ransomware, to scamming them into buying non-existent products.
Let’s take a look at some of the most common types of scams and what you can do to stay out of the scammers’ clutches.
Be careful where you stream
The pandemic means that almost everyone is watching the Olympics at home, often relying on streaming services to watch the action. That means there are many, many people looking for free ways to stream the games, and that means it’s the perfect chance for hackers to set up fake streaming sites to lure you in.
There is no shortage of phishing pages promising you free HD streaming for the games. Here's how they get you: they ask you to register to watch. Once you enter your credentials on the site, they go straight to the hackers, and the site might even try to get you to install a ‘video player’ or plugin, which is most likely ransomware. Avoid streaming from any unknown websites or video services.
Not all Olympics deals are a bargain
Even though there are no live audiences this year, scammers are still trying to sell tickets. The really clever hackers have set up fake pages offering refunds to sports fans who already purchased their tickets. There are even fake pages promising everything from Olympics-themed cryptocurrency coins to commemorative merchandise. Buyer beware.
The worst offenders are phishing sites that promise free stuff. Some of these sites can be exact replicas of well-known and trusted brands. Enter a contest to win a free TV? Sounds like a bargain! Except, it might be a phishing site designed to steal your credentials and your money.
The basic rules of good cyber hygiene apply: never click on a link, especially if it came through an email or text message. If you want to enter a contest, visit the brand’s official homepage and sign up from there.
That official-looking Olympics site may be anything but
There are tons of phishing pages out there disguised as official Olympic websites. Scammers are hard at work creating fake pages that look official and seem connected to the International Olympic Committee. This is another way to harvest credentials, with sites promising you live updates from the games, exclusive content or giveaways. If you land on an official-looking page and it invites you to ‘sign up’ for anything, always treat it with suspicion. Even logging in with your social media credentials can open you up to all sorts of credential harvesting scams, so keep an eye out for dodgy-looking URLs, typos or weird graphics, all of which are the hallmarks of scammy websites.
Always think twice before you click
There’s an endless variety of scams out there, and it’s next to impossible to list them all. The important thing to remember is that cyber scammers operate like any other kind of scammer: they try to bait you into giving up something valuable. So if any website, email, phone call or text message seems to be trying really hard to get you to hand over info or click on a dodgy link, the best defence is to put a stop to it right there and then.
Hang up the phone, delete that email, ignore that text. If you really want to check if that message was legitimate, start over and go straight to the source, whether it's visiting their official website or calling on their official number.
Stay safe, stay alert, and enjoy the games!