Adhere to the following tips to develop a sense of phishing and cyber-fraud awareness
“Congratulations! This email certifies that your email detail have won €750,000 in our ongoing Paris Olympics 2024 Mega Promo draw by Coca-Cola Company Worldwide. To claim your prize, fill in your personal details and contact the following person.”
By now, most careful people will have identified the above as the contents of a phishing email capitalizing on the appeal of the Paris Olympics. Significant events have become a prime hunting ground for scammers and cybercriminals.
According to Bitdefender experts, multiple Olympic-themed lottery scams have been intercepted in the past weeks. Cybercrooks use the names of national lotteries, financial institutions, and big tech giants to lure unsuspecting internet users. Following the introductory cyber safety tips last month from Keeper Security, here are more cyber awareness tips by Bitdefender:
Scam tactics and themes
Olympics-themed scams may come in the form of emails, social media messages, or fake websites designed to steal your personal information.
- Fake lotteries: Promoted along any popular theme, event or performance. In the past weeks, cybercrooks have used the names of national lotteries, financial institutions, and big tech giants to lure unsuspecting internet users. Common impersonated brands include Coca-Cola and the World Bank, among many others. The body of phishing messages is similar to your run-of-the-mill email lottery scam messages, with fraudsters simply adapting the text to suit the event. Scammers have even added fake reference numbers or listed the lucky numbers “drawn” in the fictitious lottery. Recipients of the phishing email must contact a “representative” via email or phone number to provide additional information such as full name, address, age, and phone number.
- Fake event tickets: Cybercriminals are using a different approach in targeting sports fans in Brazil. A campaign impersonating financial service provider Visa baits unsuspecting users with a chance to win tickets to the Olympic Games by entering their Cadastro de Pessoas Fisicas number. While the initial message displays plenty of indications of a scam, the cybercrooks did an excellent job in manufacturing a fake Visa website. A typical phishing email of this nature usually sounds like the following: “Use your Ourocard Visa debit or credit cards for your purchases and compete for a travel package to the 2024 Paris Olympics and prize miles. Participate also using the Mastercard and Elo brands.”
- Phishing attacks: Cybercriminals may impersonate official Olympic Games partners in their approach, asking recipients to click on malicious links or provide personal information.
- Fake websites and apps: Threat actors may begin promoting fraudulent websites and mobile apps that mimic official Olympic platforms, tricking users into downloading malware or providing sensitive information. Example: Cybercrooks may advertise a fake app promising live-streaming of Olympic events, which instead serves up credential-stealing Trojans and spyware.
- Ticket scams: At Olympic venues and adjacent areas with free, unsecured Wi-Fi networks, cybercriminals may set up hotspots to intercept users’ data. Users accessing bank accounts and sensitive information while connected to an unsecured Wi-Fi network risk losing their accounts and funds.
- Urgent travel and hotel booking scams: Scammers use urgent-sounding offers to promote fake travel and accommodation deals. Example: You see a last-minute hotel deal in Paris at a great price, but after you pay, you discover the whole thing was a scam.
- Merchandise scams: Fraudsters create fake ads and platforms to sell counterfeit Olympic merchandise.
- Fake officials at events: Scammers may pose as Olympic officials to steal personal information or money at various events.
Staying safe
The standard precautions for treating possible phishing scams apply.
- Verify the source: Only open emails and messages from known senders. If you receive a suspicious message claiming to be from an official Olympic source, verify its legitimacy by checking the official website or contacting the organization directly.
- Look for red flags: Be wary of emails that originate from obscure email domains, do not address you by name, use generic greetings and suspicious-sounding excuses to gain your personal data, and contain links to any website that requests personal information.
- Do not click on suspicious links: Hover over links to see the actual URL before clicking. If the link looks suspicious or unfamiliar, do not click on it.
- Use a security solution: A trustworthy security solution can protect you from malicious software, phishing attempts and fraud.
- Use scam detection functions: Many good cybersecurity software applications contain scam detection functions and issue regular reminders, so make full use of them. Spread the word around to others who do not use such software or their anti-scam functions.
- Ensure strong password hygiene and multi-factor authentication: In the event that you fall prey to a phishing scam, the strong, complex and unique passwords you use for all your other accounts will be untouchable. For the compromised account, multi-factor authentication and other user protection functions by the issuing agency should still keep the account out of reach of attackers.
- Do not use public Wi-Fi connections: Whether legitimate or fake, public Wi-Fi networks are often insecure. There are no longer any good reasons not to have your own telco-based mobile internet connectivity, so resorting to public Wi-Fi is hard to justify. If you really need to use the latter, ensure that you use a virtual private network app to encrypt the connection.
- Use official event organizer sources: When looking for any information about the Olympic Games or other major events, always use official sources. Beware of being directed by email links or ads to spoof websites. When downloading mobile apps linked to the event in question, make sure it is the official app by the organizers, and in any case restrict the app’s permissions during installation.
Finally, keeping updated on cyber scam and fraud trends via the CybersecAsia.net newsletter can be your gateway to other useful cyber safety tips, features and thought-leadership content that is vendor agnostic and not subject to heavy marketing slants.