Warning of computer fraud employing imagery from the Olympic Games
The LACNIC Warning Advice and Reporting Point (WARP) recorded increased cyber-attack activity in the region during the 2016 Summer Olympics and has warned about the methods used by cybercriminals taking advantage of the attention attracted by this this competition among the population in general.
Records of Latin American and Caribbean Computer Security Incident Response Teams (CSIRTs) show that during the Olympic Games there was a spike in cyber fraud attempts against financial institutions and attempts were made to breach the International Olympic Committee’s database. “Brazil and all regional teams were prepared for these incidents. A lot of work had been done in the run-up to the event,” said Graciela Martinez, Head of LACNIC WARP.
Martinez observed that, now that the Games are over, regular Internet users are the ones most at risk, as they may feel inclined to search for information about their favorite athletes or competitors who had outstanding performances in Rio de Janeiro. In this sense, she warned of one type of malicious online activity that is usually detected after these sporting events: fake requests for donations to certain athletes or countries. Users typically receive email requests for donations to athletes or countries, although this is “an unusual way of making such requests,” added Martinez. She recommended not opening these email messages, especially if the sender is unknown, as they may contain malware, i.e., malicious software usually designed to steal Internet user credentials.
“The email may say ‘Check out this photo of your favorite athlete’, when in fact the file contains malware,” said Martinez. Another common scam are email messages allegedly from athletes who accept sponsorships. Users may receive a link that says ‘Click here if you’d like to help XX,’ but in fact attackers ask them to enter their personal data and then use this information to commit fraud.
Lately, one of the most common forms of fraud is ransomware, a type of malicious software that encrypts part or the entire hard drive of the infected system until a ransom is paid.