Watch Out for Olympic Spam, Phishing, Malware

Sochi Olympics

While much of the world’s scrutiny has focused on the possibility of a terrorist attack at the XXII Olympic Games in Sochi, Russia, ”there are several cyber-related risks to consider,” the Department of Homeland Security warned in an advisory.

Cyber-criminals may use the Winter Olympics as a lure to trick users into clicking on spam and phishing messages, according to Tuesday’s advisory from the United States Computer Emergency Response Team (US-CERT), a division of DHS. Hacktivists may also target Olympic-related organizations to further their own agenda. Lastly, people actually attending the Games need to be aware of potential adversaries eavesdropping on their activities, the advisory said.

Online Scams
Scammers may target users who are looking for live streams from the Games, event replays and summaries, and up-to-date news reports. Scammers like to reference major events in their email subject lines (such as the FIFA World Cup, Super Bowl, and in this case, the Winter Olympics), knowing that users are primed to open those messages. Fake websites claiming to have exclusive video footage or news can be used to deliver malware as part of a drive-by download attack.

Users should rely on official news sources and trusted sites, US-CERT said. The Olympics isn’t the time to go hunting for new sources of information. Don’t click on links or opening attachments. Always visit trusted sites directly and look for the relevant story.

At the Games
US-CERT also warned the Russian government can monitor, intercept, and block any communications sent electronically, such as phone calls and online activity, for anyone within the country. Attendees need to ”understand communications while at the Games should not be considered private,” US-CERT said.

And yes, it’s ironic that US-CERT is warning about Russia when the U.S. government has its own surveillance agenda.

Travelers entering Russia can take laptops and other electronic devices. However, the government retains the authority to inspect, and confiscate, any computer or software deemed to contain sensitive or encrypted data, when leaving the country, US-CERT said. Travelers may want to consider leaving personal electronic devices at home. Or back up all your data before leaving home, so that even if your device is confiscated, your information is safe. Travel safe.

Nowadays, every cyber-security warning worth its salt has to mention hacktivists, and US-CERT didn’t disappoint. The advisory cited a vague threat from December made by an Anonymous collective, operating under the Anonymous Caucasus name. However, no ”specific threat or target” has been identified yet. Would there be a hacktivist attack against various websites? Possibly. Would it impact the events? Not noticeably.

Considering that NBCUniversal has exclusive coverage rights, I hope the company is taking steps to secure its social media presence, or we may wind up with some crazy and entertaining posts on Twitter.

Before the Opening Ceremonies begin Feb. 6 in Sochi, refresh your memory with our tips on how to identify phishing emails and avoid social engineering attacks. And enjoy the Olympic Games!