The Winter Olympic Games have kicked off, and hackers and attackers have started Olympic Games of their own. Their venue is not South Korea; it is your inbox and other online platforms. Their events include phishing, spam and other campaigns in which you don’t win gold but can lose it all. One of those events began on Friday during the opening ceremony, when a cyber-attack hit and crashed the Winter Olympic Games servers. Luckily, the incident has been contained, and the Winter Games are proceeding as planned.
So, for the coming two weeks, stay alert: researchers have predicted a massive surge in phishing emails. You might not be worried because you have spam filters set up on your email, but things have changed as technology evolves, and filters may not help this time around. If you see an important-looking email with great deals on Olympic gear, competitions or anything else related to the Winter Games, think twice before you click on the links it contains.
This is because phishing campaigns now use engineered spam that doesn’t look like spam. Recently, McAfee researchers discovered a coordinated malware attack that targets companies and organizations tied to the Olympic Games. An attack on such a company can reach you directly if, for instance, you want to buy Olympic gear from it: if the company is compromised, the emails you receive from it may be compromised as well.
Why the Olympics?
The Olympics attract a lot of attention, both from people who are security-aware and from those who are not. As with any big event, this makes it an efficient and timely period for phishing activity: the more current an event is, the more relevant the phishing campaigns built on it are. According to Ryan Sherstobitoff, a senior researcher at McAfee Advanced Threat Research, this year’s games could be especially bad. “We’re seeing higher volumes of phishing emails than we have for previous events,” he says. “There’s a highly charged political situation surrounding the games; cybercriminals want to take advantage of that and ultimately monetize it.”
According to Brendan Griffin, threat intelligence manager for the email security company PhishMe, breaking news events are also a perfect way to deliver spam, as cybercriminals take advantage of the situation. Stu Sjouwerman, founder and CEO of KnowBe4, a cybersecurity company that specializes in anti-phishing employee training, says this month’s phishing emails will include time-limited offers for Olympic products and even results for competitions that haven’t yet aired. Stu further adds, “It could be anything Olympics-related that would be interesting to a potential victim.”
With the help of social media platforms, cybercriminals don’t have to craft these emails one by one. There’s plenty of personal data lying out there; all they need is good software, and the rest of the process of composing, sending and sorting is automated. With that much customization in play, you won’t think a message is spam until you have been hit. Also, given that it has taken more than a year to prepare for the Games, attackers and hackers have had plenty of time to build fake or cloned websites and fill them with details to make them look authentic. With this in their arsenal, fraudulent activity is going to be hard to spot if you don’t look keenly.
How to Avoid Phishing/Scam Campaigns
Now that you know phishing campaigns are lurking somewhere waiting to be unleashed, what are you going to do about it? Here are some tips to help ensure that you won’t fall victim to them.
- Don’t open emails you were not expecting. The easiest way to become a victim of a phishing campaign is to open emails that you are not expecting. For instance, an email may have the title ‘you have won yourself a car,’ but you know very well you have not participated in any activity that would result in you winning a car. When you get an email with such a title, the best thing to do is delete it right away.
- Examine the email keenly. If your spam filters didn’t work and you only realize it after you have opened the email, examine the links keenly, since the message may or may not be spam. Before you click on any link, hover your mouse over it and wait for the URL to reveal itself. For instance, Olympic phishing campaigns will have spelling errors such as Olympics with an “I” instead of a “Y.” If it’s a company email, head over to your browser first and search for the company. Look for the contact details and email addresses on its website and see whether they match what you have in your inbox. Also, don’t assume a website is legit simply because it has ‘https’; cybercriminals also use encryption.
- Don’t open any attachment. If you suspect an email is part of a phishing campaign, the first thing to avoid is downloading the attachment. This is how malware gets onto your machine and spreads across the network to infect the entire organization.
- Don’t type your financial information. Any email that asks you to type in your credit card numbers, account numbers or even wire transfer details should be examined closely and deleted. That information is too sensitive to be given away via email.
- Use security tools. Tools such as antivirus software, a firewall and even a VPN may help you avert a lot of danger when you are connected to the internet. Also, use website reputation tools to see the ratings of the websites you are visiting. Bad ratings translate to a website being fake or a scam. Even with these tools, don’t let your guard down; they can sometimes give you a false sense of security.