A week from today all eyes will be on London and the opening ceremonies of the 2012 Summer Olympics. More than any prior Olympic games, the 2012 London Olympics will be watched and followed over the Internet and on mobile devices from around the world.
Of course, the cyber criminals know this as well, and cyber criminals tend to be adept at capitalizing on breaking news and major events as bait for unsuspecting victims. ThreatMetrix published a list of the top threats users should be aware of. If you want to enjoy the London Olympics safely from your PC or mobile device, avoid these five security risks:
There will be a variety of apps available for the various mobile platforms to help people view Olympic events, keep track of medal winners, access statistics and relevant information, and more from their mobile devices. As we have seen time and time again, though, there are shady third-party apps that surreptitiously access information from mobile devices without explicit permission, or reach out to everyone in your contacts to get them to download and use the app as well. Pay attention to the permissions being requested by any apps you install, and keep an eye on any suspicious activity. Better yet, stick to official Olympics apps, or at least apps from established, trusted developers.
2. Drive-By Downloads
With the right vulnerability to exploit, attackers may be able to install malicious software on your PC just by getting you to visit a website. In fact, the attackers might not even have to get you to do anything if they can manage to plant the malicious exploit on a legitimate site. Just by visiting a website providing Olympics coverage or information, it’s possible your PC could end up infected or compromised. And, no, the risk is not limited to the Windows operating system.
3. Hidden Links
If an attacker does want to lure users to visit a malicious website, it’s a lot easier these days than it used to be thanks to shortened URLs. As people share news and information about the London Olympics via Twitter, the associated links will inevitable be shortened using services like Bit.ly–obfuscating the true URL. There are tools out there that will let you see where that shortened link goes before you click it, but most people will simply click away, possibly ending up at a malicious site that could infect or compromise their PC.
4. Search Engine Poisoning
ThreatMetrix explains, “When conducting online searches for information or images about the games, cybercriminals can redirect consumers to malicious websites,” adding, “Rather than seeing an image of their favorite Olympian, the photo can actually infect consumers’ devices if the page containing the image is laced with malware.”
Basically, attackers can use search engine optimization techniques to try and game the system and get malicious sites ranked at the top of search results. Most people inherently trust the top search results and won’t think twice about clicking them to dive deeper.
5. Phishing Attacks
If you happen to be in London during the Olympics you might feel compelled to try and attend an event or two. Be very, very careful with searching for or buying tickets. Cyber criminals will use the lure of tickets to draw victims to malicious sites, and more traditional grifters may actually sell fake tickets for a quick buck.
There will most likely be other phishing attacks aside from ticket scams. Cyber criminals will use Olympics news, photos, video clips, and other Olympics-related information as bait to get users to either visit malicious websites, or con them into sharing personal or financial information.
It sounds scary. It might even make you think twice about watching or following the Olympics over the Internet or mobile devices at all. It’s not that bad, really.
“All of the cybercrime risk associated with the Olympics can be overwhelming to consumers,” said Andreas Baumhof, chief technology officer, ThreatMetrix. “However, simple steps can be taken to avoid malware attacks associated with the Olympics. These steps include keeping all software up-to-date, using only official Olympic sites and applications and being hyperaware of all web and mobile device activity. Don’t click on any link that comes your way, even if it looks interesting–it may be a costly click.”