Beware of Olympics Related Malicious Activity

Cybercriminals have historically used high-profile events, such as the Olympic Games, to disseminate malware and conduct scams, fraud, and cyber-espionage. It is highly likely that cybercriminals will recycle old tactics such as Olympic-themed phishing emails, malvertising, and malicious mobile apps, as well as develop new methods to compromise target devices and accounts. Similar campaign tactics were observed in response to previous high-profile events, including the 2014 and 2016 Olympics Games in Sochi, Russia, and Rio de Janeiro, Brazil. 

Olympic Coverage
Cybercriminals will likely recycle the tactic of creating malware-laden websites, masquerading as legitimate platforms, for users to find out information about the Olympic Games. Scam artists register domains similar to legitimate ones and leverage social media as a platform to spread links to these malicious websites.

Unofficial application using official Olympics branding
Unofficial application using official Olympics branding

Mobile Apps
Cybercriminals are likely to offer Olympics themed mobile apps with collection capabilities that are likely to cause data breaches if downloaded. During the Rio Olympics, researchers identified over 4,500 mobile apps pertaining to the Games that also performed malicious activities such as hijacking social media accounts or collecting data from devices to which the phone connects. In 2018, cybercriminals have already uploaded similar apps to the Google Play Store that claim to be official apps and use the official 2018 Olympic branding. However, these do not have an official association with the Olympics.

Ticket Websites and Free Trips
During previous Olympics cybercriminals established fake ticket websites offering large discounts to draw curious users to the site and used spam emails to lure victims into paying taxes and fees associated with purportedly winning trips to the Olympics. It is likely that this financially-motivated trend will emerge for the 2018 Winter Olympics. These websites often contain malware or attempt to steal login credentials.

What can you do to get the Gold in protecting yourself?

  • Only visit trusted website for information regarding the Olympics. The official coverage will be provided by the Olympics website and NBC Olympics.
  • Only install apps install from official stores, identified developers or official organizations.  Be wary of apps that request permissions outside of what is expected. Follow our guide to learn how to Keep your Data Private by Managing Permissions like a Pro.
  • Be suspicious of any emails advertising relevant information such as live coverage, news stories, or ticket sales as they may be Phishing attacks. Follow our guide to learn how to spot and report Phishing emails.

About Cybersafe

The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.

Be aware—and be cybersafe!