Are you planning to cheer on your country's athletes in-person at the Summer Olympics in Rio and need some discounted tickets? Or maybe you can't afford to actually travel there, but would love to win a ticket lottery that would increase your chances of doing so? Or maybe you're not planning to attend at all but would love to get your hands on some 2016 Rio Games merchandise? Well then, have I got some scams for you.
Bad actors, fraudsters and cybercriminals just love crowds, especially the virtual kind they can take advantage of by being out of sight before their victims have even noticed. As a service to our own constant readers, here's just some of the more high-profile (and less-obvious) scams you, as a consumer, should watch out for in your zeal to get your hands on Rio Games tickets or merchandise.
Fake ticketing services. Probably the most prolific threat are sites - often soliciting through pop-up websites or advertising banners - that offer up apparently legitimate ticket services set up by cybercriminals who register domains that include direct references to the Rio games such as "Rio" and "rio2016." According to the Wall Street Journal, there is an underground market for SSL certificates which enable a secure connection between a server and a web browser to make the sites look legitimate. The resulting site, which includes an apparently valid "https" web address, makes it hard for consumers to distinguish fake sites from the official ones. And, thanks to aggressive search engine poisoning - where fake sites actually have a higher place in search engine results than legitimate ones - there may be no real way to avoid them.
To avoid disappointment or being taken advantage of, Olympic fans should only buy from authorized resellers, regardless of how good the prices on those other sites are. In other words, if it looks too good to be true, it probably is.
You've Won the Lottery. Really. A variation on other well-known phishing scams, if you receive an email with a subject line that screams "You've won tickets to the Olympic Games in Rio," don't open it. In these emails, fraudsters will try to convince their marks that their email was culled from a large list (and incidentally, tens of millions entered but it was YOUR email address and name that were selected), and if you respond right now, and include all of your personal information, you will win those prized tickets to Rio 2016. It's all to lure you to a site to input your personal or financial information or attempt to get you to download malicious software onto your PC.
As the perennial lottery games saying goes "You can't win if you don't play." You get the point.
Counterfeit merchandise. Fraudsters know there is an insatiable appetite for genuine Olympics merchandise. Still, by punching in your credit card number to an off-price site you risk (a) that you won't ever get the merchandise and (b) that you may become a victim of identity theft to boot.
Our recommendation is similar to what the card brands advocate: Use a credit and not a debit card to make online purchases. It's safer, it's easier to track and it's easier to get your money back. And, of course, visit the official Olympics store to be sure you're getting everything you're paying for and expecting.
Mobile threats. With more than 1.9 billion smartphones in use, you can imagine that fraudsters see apps the same way they see fake domain sites: as an opportunity to redirect you to a malicious site intended to steal your personal information. If you download an app related to the Rio games, watch where you're redirected, especially if it's to a website that appears to have no association with the games. Additionally, the U.S. government, in association with its "Know the Risk, Raise Your Shield" multimedia program has warned U.S. citizens traveling to Rio (and elsewhere this summer) that criminals are tracking visitors' movements through their mobile phones and are even able to control internal microphones remotely, without the users' knowledge.
Once you're on the ground in Rio another threat you should be aware of are credit card scams. According to the U.S. Department of State, Bureau of Diplomatic Security, in a Crime and Safety report issued about Brazil in advance of the Games, the Bureau expressed major security concerns regarding cybersecurity relative to ATM/credit card scams. Specifically, the "epidemic use of credit card cloning devices and radio frequency interception (RFI) at restaurants, bars and public areas."
This includes at ATM terminals as well as portable point-of-sales systems used to obtain the information stored in the magnetic strip of a credit card as it's swiped for payment. More problematic, many of these schemes are carried out by confederates with insider access who set up the machine to steal the information and then parse it out to another external party, presumably for a modest commission/payout. With most of the world now reverting to more secure Chip-and-Pin cards however, which are harder to clone than magnetically swiped ones, the risk of attendees from becoming a victim of these schemes is lower, but not eliminated entirely.
All that aside, we encourage you to cheer on your country's future Gold, Silver and Bronze medalists at the 2016 Rio games. And, by shopping safely and responsibly, you'll deny the fraudsters from even getting to the starting line.
Author: Heidi Bleau
Category: RSA Fundamentals, Blog Post, Securing the Digital World
Keywords: Consumer Security, Cybercrime and Fraud, Fraud, Malware, Phishing, Summer Olympics