After an unprecedented year-long delay, the 2020 Tokyo Summer Olympics began in earnest last week. This time, all the events will take place with no spectators, which reduces physical risks, both in terms of health and from a cybersecurity point of view (such as data theft exploiting the vulnerabilities of public Wi-Fi at the stadium).
However, sports enthusiasts should not forget that cybercriminals will aim to take advantage of fans’ eagerness to watch the Olympic Games by instigating various online fraud schemes.
To get a better overview of how scammers are trying to monetise viewers’ interest, Kaspersky experts analysed Olympic-related phishing websites designed to steal users’ credentials.
As a result, Kaspersky researchers found fake pages offering to stream various Olympic events, selling tickets for competitions that won’t have spectators, promoting various giveaways and even advertising the first fake Olympic Games virtual currency.
Here are the top 5 ways cybercriminals are taking advantage of the Olympics:
Live Streams
Unsurprisingly, with more spectators moving from stadiums to online, Kaspersky experts found various phishing pages offering to stream the Olympic Games. Some of them ask people to register before watching.
Usually on such phishing pages, once a user enters their credentials, they might be redirected to a page that distributes different malicious files. Besides ending up with malware installed on their device through such files, users hand their identifying information to untrustworthy parties.
After that, scammers may start using such data for malicious purposes or simply sell it on the Dark Web.
Fake Tickets
Despite no events being held with in-person spectators this year, fraudsters are not shying away from well-tested (yet somehow still effective) schemes, such as selling tickets to offline events.
Kaspersky experts also discovered pages offering refunds for already purchased tickets.
Olympics-Related Entities
Analysing the discovered pages, Kaspersky experts also found examples of phishing pages disguised as official Olympic ones. One such page pretends to be an official website for the 2020 Tokyo Olympics, and another mimics the International Olympic Committee (IOC).
The latter, for instance, collects users’ MS Services credentials.
Gifts
No big public event is complete without fraudsters imitating extremely generous giveaways.
Thus, Kaspersky experts also found phishing pages offering to give out a TV, ideal for watching the Olympic Games.
This scheme is quite popular: usually every user becomes the lucky winner, and the chosen ones only need to pay a delivery fee. Needless to say, the TV is never delivered to the deceived user.
Olympic Games Token
Finally, and most interestingly, Kaspersky researchers found a first-ever virtual currency scam.
This virtual currency is claimed to be a support fund for Olympic athletes, but it is a fake one. If a user buys a token, the scammers offer “to financially support talented sportspeople around the world who are in need”.
Of course, the fake tokens are used to steal your money and credentials.
“Cybercriminals always use popular sports events as bait for their attacks. This year, the Olympics is being held without spectators – thus, we do not expect a big number of related attacks,” comments Olga Svistiunova, security expert at Kaspersky.
“Still, we observe that fraudsters have no limit when it comes to creating new ways to take advantage. For example, this year, we discovered an interesting phishing page selling an Olympic Games Official Token. There is no real equivalent of such a thing, which means that cybercriminals are not only faking already existing baits but also coming up with their own new sophisticated ideas.”