Like the Olympics? You’re ripe for cyber attack

Experts show how you can steer clear of scams during the Olympic Games, in Brazil or even here at home.

 

You were lucky enough to get tickets to the 2016 Summer Olympic Games in Rio. You had the good fortune to be able to afford a trip to Brazil. And now you’re withdrawing cash from an ATM not far from one of the Olympic venues to buy souvenirs to bring home.

Only as you take out your money, cyber criminals are withdrawing, too—from your account.

It could be a “chupa cabra,” a skimmer, as they call it in Brazil, placed on top.

Or, even worse, everything you touch on the cash machine is counterfeit.

“Even if the ATM looks legitimate, there is still a chance that the whole front of the machine is fake,” said Dmitry Bestuzhev, the director of cybersecurity company Kaspersky Lab’s global research and analysis team for Latin America.

“In other words, not just the card reader which cyber criminals used to install over the real one, but the whole casing of the ATM might be fake, installed over the real one,” he added. “If this is the case, your card information will be stolen.”

This is reality for people living in Brazil, and now—with a flood of visitors coming to watch the Olympic games—cybercrime could rise, with tourists as targets.

“When traveling to Brazil, it’s important to remember that for the local cyber criminals, this event represents a once-in-a-lifetime opportunity,” Bestuzhev told Archer News.

“In other words, there will be a concentration of many foreigners at the same place and at the same time, which, to them, could mean the best scenario to conduct all kinds of fraud,” he said.

Already a hotbed

You might already be expecting some kinds of scams for the Brazil Olympics.

“Whenever high-profile events happen, cyber criminals are quick to take advantage of the situation,” said John Shier, a senior security expert with cybersecurity company Sophos. “We see this every time there’s a natural disaster. Aid scams are very quick to follow.”

But Brazil is already a hotbed of cybercrime, one of the hottest online attack spots in the world, according to experts.

Brazil was ranked first place worldwide for phishing attacks, reported Kaspersky Lab, as well as the most dangerous country for financial attacks in 2014.

In addition, the country is facing a number of crises, including a financial downturn that has put Brazil into its worst recession since the 1930’s, according to CNN.

Robin Hood

Add to this a massive influx of visitors willing to pay $10 to more than $1000 for one ticket to an Olympic event, and you may have a situation ripe for attack.

Analysts say the cyber criminals may view themselves as simply adjusting the balance of money in society.

“They compare themselves to Robin Hood: stealing from the ‘rich’ (in their eyes the banks, the financial systems and the government), in favor of the ‘poor’ (themselves),” wrote Kaspersky Lab’s Fabio Assolini.

The penalties for cyber crooks are not strong enough, and the Brazilian judicial system is too slow, Assolini said.

“It is very common for attackers to be arrested three or four times only to be released again without charge,” he said. “The lack of effective legislation to combat cybercrime and high levels of police corruption provide the icing on the cake.”

What to watch for

If you go to the 2016 Summer Olympics, or if you stay home, you can watch out for the favorite hangouts of the Robin Hoods of Rio.

On the ground in Brazil, the ATMs are common targets for cyber crooks, said Assolini.

“Even during the day you can see them hanging about, wearing flip-flops and beachwear and in a very relaxed mood, installing skimmers in a crowded bank,” he said.

Another spot—the device where you slide your card to pay at your hotel or elsewhere.

“One of the most popular and most dangerous types of cybercrime foreigners might face is the robbery of credit or debit card information when paying at official and sometimes even international establishments,” said Bestuzhev.

He said malicious hackers often install malware on the “point-of-sale” devices.

“Even when you check out at your hotel, you may become a victim of cybercrime if that particular machine installed at the reception desk is infected,” he said.

Too connected

You will probably want to connect to the Internet while you’re in Brazil, but that can also be a popular attack pathway.

“Another real scenario where users lose personal and sensitive information is by connecting to a public Wi-Fi or open networks which often offer free connectivity,” he said.

“When working from such networks with no VPN [virtual private network] from the user’s side, all data might be intercepted and occasionally read, which includes passwords, PINs and other sensitive information,” he said.

Staying home?

You don’t need a ticket to the games to get mugged by a Brazilian cyber thug.

“It depends on the habits of each person and especially, on their interest in the Olympic Games,” said Bestuzhev.

“Right before and during the Games, we usually see a lot of fake websites offering livestreaming for just a few dollars,” he explained. “In most cases, it’s just a scam.”

And Brazilian cyber attackers are not the only ones betting on your desire to enjoy the games from afar.

Gaming the Olympics

“Interest in anything Olympics-related will be at its peak, and so things like SEO [search engine optimization] poisoning, ticket scams, phishing emails and all sorts of other scams will also be at an all-time high,” said Shier.

Crooks from many countries use search engine optimization poisoning to make their infected sites rank higher in your searches than legitimate sites, so you will be more likely to click on them.

The fake sites may look legitimate, and may offer Olympic souvenirs and clothing at what seems like a good price.

“If a user located anywhere in the world conducts an online search on the Olympic Games and clicks on all kinds of sites, he may be infected with a malware or provide personal financial information to cybercriminals,” said Bestuzhev. “In the end, this can also result in the loss of money.”

Protecting yourself in Brazil

Before you go, buy prepaid cards to use in Rio, Bestuzhev recommends.

“These work as disposable cards you can use to make purchases but are not tied up to your checking or credit accounts,” he said. “You control the balance on these by prepaying an amount, and in the event that you do lose it, the loss is limited and won’t be as catastrophic.”

“It is a good idea to use such cards any time, even if you are in your own hotel,” he added.

Always use a VPN, even if you are at a “trusted” location, he said.

“Virtual private networks protect against several attacks, even such as DNS [domain name system] poisoning, when all network traffic in a trusted Wi-Fi network is redirected to malicious/phishing Websites,” said Bestuzhev. “So, please use a VPN.”

Charging your phone

Some attacks may come even as you are sleeping.

Bestuzhev encourages travelers in Brazil to use AC/DC for charging their phones, instead of USB.

“This is also important because when you USB-charge your device, the phone works in data mode,” he explained.

“So, under certain scenarios, the attackers could, while you are charging your device, gain access to your mobile device and steal personal information,” he said.

Protecting yourself at home

Use good Internet security products to protect yourself from malware, phishing and network attacks, advised Bestuzhev.

Pay extra attention to what you do online, said Shier.

“During events like the Olympics it’s important to take a moment to make sure that your online interactions receive some extra scrutiny,” he said.

“Do not open any email attachments unless it’s something you are expecting from a trusted source,” said Shier. “Instead of clicking on links, open your browser and type in the address of the site manually.”

And if you’re going to buy something Olympics-related, he said, make sure you use the official sites.

“Basically, even if someone doesn’t go to the Olympics, it is still possible for them to become a victim of cybercriminals from any country in the world,” Bestuzhev said.