Security experts are warning Olympics fans to be on their guard ahead of the Rio Games this summer, after spotting numerous spam and phishing campaigns piggy-backing on interest in the event.
Kaspersky Lab analysts Tatyana Shcherbakova and Andrey Kostin explained that the scammers have been ramping up their activities for a year, starting with fake lottery win notifications spoofed to come from the Brazilian government and the International Olympic Committee (IOC).
To claim their winnings, the recipients are asked to provide personal details – clearly a standard phishing tactic.
Spam emails have also been spotted by Kaspersky Lab trying to sell everything from TVs to pills – all using interest in the Olympics as a lure to entice internet users.
Fake ticketing emails require extra work on the scammers' part and could seem more authentic to unsuspecting sports fans, according to the Russian AV vendor.
It has blocked dozens of newly registered domains containing the keywords “rio” or rio2016” etc which are hosting “good quality imitations” of official ticketing sites.
“The scammers register these domains to make their sites look more credible; for the same purpose, they often buy the cheapest and simplest SSL certificates,” explained Shcherbakova and Kostin.
“These certificates are registered within a few minutes, and certification authorities don’t verify the legal existence of the organization that has issued the certificate. The certificates simply provide data transfer over a secure protocol for the domain and, most importantly, gives fraudsters the desired ‘https’ at the beginning of their address.”
Users who input their card details into these sites are effectively giving cyber-criminals access to their bank accounts. They’ll be sent a confirmation that the payment has gone through and that the tickets will be sent a few weeks before the games, in order to keep them in the dark for even longer, according to Kaspersky Lab.
“As a result, the criminals not only steal the victim’s money but deprive them of the chance of attending the Olympics – by the time they realize they won’t be getting the tickets they booked it will be too late to buy genuine tickets … especially if there’s no money in their bank account,” the blog continued.
These are well organized campaigns, with separate but affiliated cybercrime groups operating globally taking various roles – one to create the site, one to register the domain, and so on.
The security vendor urged netizens not to buy via unsolicited emails, and to consult the official website of the Olympic Games which has a list of official regional ticket sellers.
Spam and phishing attacks have always been prevalent in the run up to major sporting events but the scammers only really started to focus on the Olympics in the run-up to Sochi 2014, according to Kaspersky Lab.