February 9, 2018, marks the commencement of the 2018 Winter Olympic Games in Pyeongchang, South Korea. Athletes from around the world will compete to achieve their lifelong dream of winning an Olympic medal. It’s a spectacle to behold, both online and in person. Digital attackers realize this; you can bet they will try and capitalize on the Games’ hype to prey upon unsuspecting spectators and web users.
As with any major event, we can expect to see a spike particularly in phishing, scams and malware using the Olympic excitement to trick people into dropping their guard. Here are threats to keep your eye out for around this year’s Games and what you can do to defend yourself.
Whether it is the Olympics, the Super Bowl, or the World Cup, there will be offers for tickets and premium stream access that sound too good to be true. With that said, it’s important to only use official channels for gaining any kind of access. This is just as important for live streaming of the events as it is for any ticket offers. Illegitimate streaming services can be rife with malware like cryptocurrency miners, scripts which hijack your computer’s resources to mine for new cryptocurrency like Bitcoin.
Also ensure you are going to the official websites for purchasing merchandise. There will be a large number of sites claiming to sell discounted merchandise to steal your credit card information.
Along the lines of scams, you will see an uptick in phishing attempts. These are going to be mainly emails pretending to be part of the official Olympics or NBC. Their claims will vary and will include lures like free streaming access, other prizes, and requests to follow a link to confirm some information.
Avoid clicking links in emails you didn’t request. For instance, if you get an email from NBC claiming you need to reset or verify your password, go to nbc.com by typing it into your browser instead of following the included links. From there, you can try logging into your account.
As always, spam will be tailored to this event. While most of it will be to get you to purchase counterfeit goods or to steal credit card information, there will also be many spam attempts containing malware. Do not open any attachments to emails that you are not expecting from trusted sources. These may be offers for applications for free streaming or asking you to fill out forms for a sweepstake. No attachment type, whether it is an application, Office document, or even an image, should be considered safe.
At the same time, some of these spam campaigns might attempt to drop ransomware onto a victim’s device. Users can protect themselves by making sure they have a data backup strategy in place. Lane Thames, senior security researcher with Tripwire’s Vulnerability and Exposure Research Team (VERT), explains how such a plan is especially relevant for individuals who intend to watch the Olympics in person:
It’s important to have a ‘digital’ backup plan in case your device(s) is lost, damaged, confiscated, or stolen while traveling, especially when traveling abroad. Consider this: you are late at the airport in some foreign country (where you don’t speak the language), and while running to catch your plan, you drop and shatter your phone. What do you do? Not an easy answer if your itinerary and everything else related to your foreign travel is only available on your mobile phone. This same scenario could occur if your device is stolen or possibly confiscated at some security checkpoint for some unknown reason.
Thames also recommends that Olympic-bound travelers limit their electronic devices to something “expendable such as an older device that you don’t use any longer.” On that device, they should perform a factory reset, reinstall only the applications that are a must, and use encryption on that device.
Stay Safe and Enjoy!
Many of these digital security tips apply to any time of year, but extra vigilance is necessary during events like this. So be safe and enjoy the Olympics!
About the Author: Matt Corney is chief technology officer at Nuspire Networks, bringing over 20 years of data security experience to the company. As CTO, Corney oversees the management of Nuspire’s SIEM solutions as well as the overall creation, maintenance and updating of the company’s current and future product portfolio. He is also responsible for Nuspire’s security monitoring personnel and ensuring they have the resources to consistently monitor and engage with the next generation of hackers.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.