Beware! Tokyo 2020 Olympics Become The Target Of Cybercriminals
JAKARTA - After an unexpected year-long delay, the 2020 Tokyo Summer Olympics have started on July 23, 2021. This time, all events will take place without spectators, in order to reduce the spread of COVID-19.
However, sports fans should not forget that cybercriminals will not be at their wits end in exploiting the euphoria of watching the 2020 Olympics, by committing various online fraud schemes.
“Cybercriminals will always use popular sporting events as a cover for their attacks. This year, the Olympics will be held without spectators - therefore, we don't expect a significant number of cyberattacks. However, we observe that scammers have no limits when it comes to creating new ways to take advantage", said Kaspersky security expert Olga Svistiunova.
To get a better idea of how scammers are trying to monetize audience attention, Kaspersky experts analyzed a phishing Olympics-related website designed to steal user credentials.
As a result, Kaspersky researchers discovered a variety of schemes ranging from fake pages offering streaming of various Olympic events, fake ticket sales, fraudulent prizes, and even for the first time, fake Olympic virtual currency (tokens). The following is the explanation quoted by VOI, Monday, July 26.
1. Live Streams
Unsurprisingly, with more and more spectators moving from stadiums to online, Kaspersky experts discovered various phishing pages offering Olympic streaming. Some of them ask people to register before watching.
また読む:
Usually on such phishing pages, once users enter their credentials, they might be redirected to a page that distributes different malicious files. Apart from installing malware on their devices via such files, users are also asked to send personally identifiable information into untrustworthy hands. After that, scammers can start using the data for malicious purposes or selling it on the Dark Web.
2. Fake Tickets
Even though no events have been held with live audiences this year, online scammers still haven't stopped trying their luck (however, somehow the scheme is still effective), such as selling tickets to offline events. Kaspersky experts have also found pages that offer refunds for tickets that have already been purchased.
3. Olympic Related Entities
Analyzing the pages found, Kaspersky experts also found examples of phishing pages disguised as official pages for the Tokyo 2020 Olympics and pages impersonating the International Olympic Committee. The latter, for example, collects the user's MS service credentials.
4. Gift
There is no big public event without scammers to lure fake prizes related to the event. Kaspersky experts also came across a phishing page offering to win Television, which seemed an ideal surprise for watching the Olympics. It is quite popular and the general scheme, the users who become lucky winners only need to pay the shipping fee. Of course, the TV gift will never reach the deceived user.
5. Olympic Games Token
Lastly, and most importantly, Kaspersky researchers invented the first virtual currency, which is a support fund for Olympic athletes. Of course, this is fake. Scammers revealed that this is an effort to support financially talented athletes around the world in need, so users can participate by purchasing tokens.
"For example, this year alone, we came across interesting schemes such as phishing pages selling Olympic Official Tokens. There is no equivalent of such a thing, meaning that cybercriminals are not only faking existing baits but also creating new ideas of their own beyond expectation", said Svistiunova.
Prevent Phishing by Following These Steps
To protect yourself and those closest to you from Olympic-related phishing, Kaspersky experts recommend:
- Always check links before clicking. Carefully review the URL format, and look for spelling errors or other irregularities carefully.
- Check the authenticity of the website before entering personal data and only use the official website to watch the Olympic games. Double-check the URL format and spelling of the related company name.