The run-up to the Olympic Games in Tokyo has been fraught with controversy, but the opening ceremony took place as scheduled and the event is underway, albeit with no spectators due to concerns around COVID. Another cause for worry has been raised by cybersecurity analysts who warn that cybercriminals will attempt to capitalize on the global event through a variety of scams and attacks.
This is no idle threat. In 2018, the most shocking attack, dubbed Olympic Destroyer, occurred during the Winter Olympics in Pyeongchang, South Korea. Just hours before the opening ceremony, Russian hackers tampered with the servers tasked with providing all internet-based services for the Games. They were able to disrupt the process of scanning spectators at the entry points and took the Wi-Fi system offline. In the early hours of the next morning, the Olympic IT team was able to safely restore it, and it wasn’t until after the Games were over that the attack became widely known.
The U.S. Department of Justice last year indicted six members of the Russian Main Intelligence Directorate (GRU) in connection with those attacks, which were likely in retaliation for Russian athletes being banned from competing under their flag due to doping allegations. The ban is in effect until next year, but Russian athletes are able to compete under their country’s Olympics organizing committee, the ROC. With the current no-spectator rule, hackers, Russian-sponsored or otherwise, will have to turn to other methods.
Ransomware tops the list of threats, and indeed, the Japanese Olympic Committee revealed recently that it was hit by a ransomware attack in April, that it had not paid a ransom, and that it had replaced all infected computers. A phishing attack involving a PDF in Japanese targeted event organizers in an attempt to lure them to malware-infected ads, which could disrupt their communications. But attacks are not limited to Olympic organizers.
Security analysts have identified a hodgepodge of Olympic-related phishing attacks that range from offers for fake streaming services to a phony cryptocurrency. Awareness of the risk is the first step in protecting yourself.
For instance, phishing pages have been discovered selling an Olympic Games Official Token when there is no real equivalent of such a thing, and a website selling a virtual currency that supposedly helps fund athletes in need. There is no fund and your purchase of the fake cryptocurrency goes only to the scammers, along with any financial data you provided to buy the coins.
Another emerging ploy is advertising for fake streaming services to watch the Games. Nikkei Asia reported that these sites show up in searches for Olympics-related terms and then ask users to allow browser notifications. If accepted, your browser will then display malicious advertising and take you to the fake streaming site where your purchase of the service will reveal the scam, steal your money and possibly infect your computer. Other streaming scams start with a phishing email or link on social media taking you to the fake website where you will be asked to register to view the Olympic programming. Here, your data is captured and malware is installed on your computer, making it a two-for-one scheme.
You may run across fake Olympic Games news or “official” websites connected to the International Olympic Committee. Land on one and you may have your Microsoft Services credentials stolen, security firm Kaspersky noted. The group also warned of phishing pages offering a chance to win a free TV for watching the Games. And when victims fall for this bait, they then may be notified that they’ve won the TV but must pay for shipping. I don’t need to tell you that the TV will never arrive.
Any of these phishing scams could arrive in your inbox, pop up in a search or appear in your social media feed. To stay safe, if you see an Olympics-related email in your inbox, don’t open it; just delete it. Avoid searching for Olympics terms, particularly for a breaking news item. Instead, go directly to a trusted news source. Similarly, don’t click on links in your social media feed, especially if it’s an offer for free streaming or a free gift. NBC is the official broadcaster of the Games, and you can also watch on subscription services including NBC’s streaming service Peacock, the NBC app, YouTube TV, Hulu with Live TV, Sling’s TV Blue, AT&T TV and Roku.