After an unprecedented delay due to the pandemic, the Tokyo 2020 Olympic Games began last Friday, July 23, 2021. All events will be held without spectators in order to reduce physical risks, from the point of view of both health and cybersecurity (for example, some attackers steal data by taking advantage of vulnerabilities in the Wi-Fi available at the stadium).
However, sports enthusiasts should not forget that cybercriminals will try to capitalize on their enthusiasm to attend the Olympic Games by putting in place various cybercrime strategies.
To find out how cybercriminals try to monetize viewers’ interest, Kaspersky experts analyzed phishing sites related to the Olympic Games, designed to steal users’ credentials. As a result, Kaspersky investigators found fake pages that offered to broadcast various Olympic Games events, ticket sales for competitions that would have no spectators, giveaway offers, and even the first fake virtual currency in the competition’s history.
Unsurprisingly, with more and more viewers on the Internet, Kaspersky experts found several phishing pages that “offered” broadcasts of the Olympic Games, some of which required prior registration. Usually, once the user enters their credentials on one of these phishing pages, they may be redirected to a page that distributes various malicious files.
In addition to ending up with malware installed on their device due to these files, users are letting their identifying information fall into the hands of cybercriminals, who may use this data for malicious purposes or sell it on the Dark Web.
Examples of phishing pages that offer broadcasting of the Olympic Games
Even though there are no events open to the public this year, cybercriminals have no qualms about developing new schemes, resorting to options such as selling tickets for events, a method that somehow remains effective. Kaspersky experts have also discovered pages that offer refunds for tickets already purchased.
Entities related to the Olympic Games
When analyzing the discovered pages, Kaspersky experts also found examples of phishing pages disguised as official pages, such as one pretending to be an official site of the Tokyo 2020 Olympic Games and another that passes for the International Olympic Committee. The latter, for example, collects users’ MS Services credentials.
No big public event is complete without cybercriminals creating very generous giveaway pages. Kaspersky experts found phishing pages that offer, for example, the ideal television for watching the Games. These methods are extremely popular, and generally every user becomes a lucky winner; the chosen winners only have to pay the shipping costs – but, needless to say, the television never arrives at the user’s home.
Olympic Games Virtual Currency
Finally, and most importantly, Kaspersky researchers discovered the first virtual currency in the history of the competition, proposed as a fund to help Olympic athletes. Cybercriminals say they offer financial support to athletes in need around the world if users buy the currency. This initiative is, of course, completely false.
“Cybercriminals always take advantage of these popular sporting events to propagate their attacks. This year, the Olympic Games are being held without spectators, and for this reason, a large number of attacks was not expected. However, we observe that cybercriminals do not neglect these unforeseen events to create new – and creative – ways to profit. For example, this year we discovered an interesting phishing page that sold virtual currency from the Olympic Games. There is no real equivalent, which means that cybercriminals are not just counterfeiters, but also develop their own ideas,” shares Olga Svistiunova, security expert at Kaspersky.
To protect yourself and those close to you from phishing related to the Olympic Games, Kaspersky experts recommend:
- Check the link before clicking. Mouse over it to view the URL and look for spelling mistakes or other irregularities.
- Check the authenticity of the websites before entering personal data and use only the official pages to watch the Olympic Games. Double-check the URL formats and spelling of the company name.
- Use a reliable security solution.