Athletes aren’t the only ones training for the Olympics, cybercriminals are also stepping up their game! Avast explains which threats you should watch out for!
The Olympic torch is making its way to Rio as the 2016 summer Olympics are set to begin on August 5th. The excitement is building and many are anxious to see the 306 events, which will take place across 37 different venues. The athletes, however, aren’t the only ones who have been working hard for the Olympics. Cybercriminals have also been preparing for the games and their ultimate reward is your data and money!
Brazil has become somewhat notorious for ATM skimmers, so if you are traveling to Rio in August you may want to be cautious when getting cash. ATM skimmers are card readers that are put on top of regular card readers. When you stick your card into the reader the card is scanned by the counterfeit card reader. This gives thieves the information stored on your card’s magnetic strip. To get your pin, thieves use either a hidden camera to watch you enter your pin or place a fake keypad over the actual key pad.
“You should take a careful look at the ATM reader you want to use. If you see something suspicious or notice a device attached to it, you should not use it. Additionally, you should always review your card statements and immediately report suspicious activity to your bank.” - Jaromir Horejsi, senior malware analyst
Phishing emails and websites
Phishing scams are a method cybercrooks like to use, because they are easy to execute and are profitable. Phishing emails and sites are constructed to look identical to real sites or appear to be from official organizations, making it difficult to recognize them.
“Scam sites and links included in phishing emails often use typosquatting, which is when a URL of a fraudulent site is a typo-version of popular sites. Therefore, we advise against follow links in emails asking you to log in or share your financial information - as most companies would never do this via email. Instead, you should directly navigate to the official Rio Olympics site to purchase tickets, for example. The same applies to hotel or flight offerings via email - it is safer to navigate directly to a booking site like Expedia or Hotwire, rather than following a link in an email.
A few things can happen when you click on an alleged ticket email. Either you can be lead to a site imitating a trusted website and be tricked into making a fake purchase or into entering sensitive, personal information, or you can be lead to a malicious site that automatically downloads malware onto your device, which in turn can spy on your activities or steal your data. Links like this can also lead to scam sites that request you enter your phone number, install a malicious app on your mobile device or trick you into subscribing to a paid SMS service. Links can also just lead to advertisement. Cybercriminals commit click fraud by sending out links to random advertising so people click on them and in turn the cybercriminals earn money from the advertisers.” - Michal Salat, threat intelligence manager
Fake mobile apps
It’s natural that you want to be part of the action and get into the Olympic spirit, but be careful. Cybercriminals attract people by following trends. Around the Euro Cup 2016, for example, we found apps on the Google Play Store that were knock-offs. Their main purpose was to collect data and bombard users with ads.
“The best way to protect yourself is to proactively install an antivirus app. Antivirus will detect and protect you from malware and adware. You should also only download apps from official app stores like the Google Play Store or Apple’s App Store. Apps on trusted app stores, such as Google Play, are screened for malware before they are uploaded, making it difficult for cybercriminals to upload malicious apps. Cybercriminals, however, often include adware in apps they upload to the Google Play Store, to earn money from advertisers by bombarding users with ads. Cybercriminals can also circumvent some app store restrictions by collecting more data from their users than necessary for their app to function. They can then turn around and abuse this data to steal people’s identities or hack into their online accounts. Before downloading an app, read through the comments other users have written. If other users warn that the app doesn’t perform as it should, you may not want to download it.” - Nikolaos Chrysaidos, mobile malware and security
If you are traveling to Brazil for the games, chances are you are going to save costs by relying on public Wi-Fi. Wi-Fi networks can easily be set up, making it pretty simple for someone to spy on your browsing activity. The weekend before Mobile World Congress, Avast researchers set up a fake free Wi-Fi hotspot at the Barcelona Airport to see who would connect. Thousands of people connected and we were able to see what devices they were using, what they browsed and what apps they had installed.
“You should always utilize a VPN (virtual private network) app, like Avast SecureLine VPN, when connecting to public Wi-Fi hotspots. A VPN creates a secure encrypted connection and tunnels traffic to a proxy server. The encrypted connection protects your personal data, thus preventing hackers from accessing or even altering your communications over the Internet.” -Jiri Sejtko, Director of Viruslab Operations
Whether you plan on watching the Olympic games from home or are travelling to Brazil, make sure you enjoy the games safely!
The Cybersecurity Tech Accord and Economist Intelligence Unit report measures the beliefs of IT security leaders and experts regarding threats posed by state-led and sponsored threat actors.
MyData Global is a non-profit organization built to empower individuals by improving their rights regarding personal data. Read up on their current efforts to enable secure data sharing.