Criminals have launched online fraud schemes to steal victims’ identities, confidential data and money, security company says
After an almost year-long delay, the Tokyo 2020 Olympic Games are taking place without spectators to stem the spread of the coronavirus.
From a cybersecurity perspective, the move has minimised the chances of data theft by criminals who could exploit vulnerabilities within the public Wi-Fi networks in the stadiums.
However, industry experts urged greater caution as cybercriminals become more creative with ways to take advantage of unsuspecting sports fans.
In the past few weeks, online schemes to steal victims’ identities, confidential data and money were launched, Moscow-based cybersecurity firm Kaspersky said.
“Cybercriminals always use popular sports events as bait for their attacks … [they] have no limit when it comes to creating new ways to take advantage,” said Olga Svistunova, a security expert at Kaspersky.
“We discovered an interesting phishing page selling Olympics Games official [virtual currency] tokens … cybercriminals are not only faking existing bait but also coming up with their own sophisticated ideas.”
Phishing campaigns, one of the most common attacks, are usually designed to steal personal information.
five tactics that cybercriminals are using to target Olympics followers.
- Malicious live streams
Most spectators are following the Olympic Games online and relying on streaming websites. Kaspersky found phishing pages offering free streaming of the Games. They ask users to register before watching and collect their confidential details, which are sold on the dark web to other criminals. Moreover, when users attempt to create accounts on these suspicious pages, they are directed to other malicious websites, too.
2. Selling counterfeit tickets
Despite a ban on spectators at this year’s Games, fraudsters are trying a well-tested trick – selling fake tickets. Kaspersky said there are fake pages offering refunds for already purchased tickets.
3. Fake entities representing Tokyo Olympics
Pretending to be Olympics officials, cybercriminals are approaching businesses and individuals with sponsorship offerings. Kaspersky found a page masquerading an official website for the Games and a page mimicking the International Olympic Committee. These websites were created to collect personal and financial information.
4. Offering free gifts
There are many phishing pages offering users a chance to win a television that would be ideal for watching the Games.
“This is quite popular and, usually, each user becomes a lucky winner … with the chosen ones only needs to pay for the delivery fee. No need to say, the TV never gets to the deceived user,” Kaspersky said.
5. Tokyo Olympics online tokens
Cyber researchers found the first fake online currency, which is purported to be used to support a fund for athletes participating in the Tokyo Olympics. If a user buys the token, the scammers offer to support talented sportsmen and women in need.
What sports fans should do to avoid attacks
- Сheck the link before clicking on it. Always look for misspellings or other irregularities.
- Check the authenticity of websites before entering personal data and only use official webpages to watch the Games.
- Use a reliable security solution that identifies malicious attachments and blocks phishing sites.