The Olympics provide a wonderful opportunity for athletes and people all over the world to enjoy sports and relax with friends. But those in the electronic underworld – hackers, spammers and phishers – see the Olympics as a prime opportunity to trick you into giving up your login credentials and other personally identifiable information for their gain.
Karen McDowell, an information security analyst in the Information Security Policy and Records Office at the University of Virginia, warns that phishing attacks are on the rise, particularly during international events that generate lots of media coverage, such as the Olympics.
"Tricking people is an old game, but now it's high-tech and very clever," McDowell said.
Phishers create Olympic-themed messages and websites as bait and wait for the unsuspecting person to click on whatever link they provide. They may attempt to collect personal information like names, Social Security numbers, credit card numbers, bank account numbers or login credentials, and/or install malware for exploitation at a later date. Phishers can also infect the computer with a keylogger, which records every keystroke the computer user makes, then sends this information to unknown third parties, where it is mined and sold to the highest bidder.
Olympic organizers reported at least 143 scams well before the games began, McDowell said. Often these are in the form of unsolicited emails, which promise a chance to win tickets to the games.
Unauthorized Olympic websites also present a threat. Before the start of the Games, there were more than 70 of these websites, created by scammers to infect the computers of whoever enters the site.
Spammers also use SMS or text messages to trick people into giving up their personal information. "Don't respond to unsolicited requests sent to your phone," McDowell said. "If you think it's important, call your carrier and ask. Otherwise, delete these messages, too."
She warns that hackers and phishers may try other methods to steal your money and personal information. For instance, they may plant malicious links, viruses or malware in Olympics-themed photos that appear in search engine results. "They are working hard to take advantage of your interest in the Olympics," she said.
Do not rely on antivirus software to protect completely from infections phishers may drop into your computer, McDowell said, as most hackers learned long ago how to go under the antivirus radar.
"It's critical to install and update antivirus, but we humans are the weakest link," she said. The best way to avoid becoming a victim to phishers is by not responding to unsolicited email or links. If you think the message is important, McDowell said, find some way to verify its authenticity independently.
The official London Games website at London2012.com provides a ticket checker for those who wish to verify whether they are buying from a legitimate venue. Official websites like this one and olympic.org, as well as reputable news sites, also have many photos and the latest updates on the games. McDowell encourages people seeking information about the Olympics to use these websites.
Even after the Olympics are over, people should continue to watch out for email scams and malicious websites, McDowell said – especially around the beginning of the school year and holiday seasons, when people are busier and not paying close attention to their computer activity.
All of the central mail systems at U.Va have antispam filters in place, which block the vast majority of spam and phishing that goes around, McDowell said. Since more than 71 percent of worldwide email traffic is spam (according to November 2011 statistics), however, some phishing messages are bound to get through.
"No email provider can survive without antispam filters in place," she said, "but like any system, they are not perfect."
Remember to stop, and think, before you click, she said. If you are unsure about a particular message, email firstname.lastname@example.org for assistance.
– by Lisa Kessler