Heads-up! There is a spike in phishing attacks with Summer Olympics themes, and in the coming months the bad guys are going to be all over this.
Kaspersky Labs researchers are reporting on this even now. Threat actors are competing for and registering domains that have words like "Rio" and "Rio2016", combined with low-cost SSL certs to make their fake sites look real.
Researcher Andrey Kostin was quoted in SCMag: "Users may receive a phishing or malicious email, they might click a phishing link or advertising banner, or they might use a search tool and choose a fake website selling tickets." He said the most effective scams were conducted using phishing websites that emulate ticket sale services.
The Kaspersky blog states that the attacks use DOC or PDF attachments, along with social engineering tricks that get users to open these documents.
There are also scams going around claiming that users have won Rio-related lotteries and even fake ads for magic pills that promise to make the user into an "Olympic champion". Yeah, sure.
In other words, nothing really new here, but it's important to warn your employees about it because the Olympics are such a big event. There is going to be a lot of controversy connected with the Rio Olympics, because of the Zika virus and the unrest in the area because of a recent rape. One example is a CNN article in which doctors urge that the Olympics be postponed or moved, and news articles about a gang rape in Rio are all over the net and are being used as click-bait.
I strongly suggest you send the following to your users. Feel free to copy/paste/edit:
The Summer Olympics in Rio de Janeiro are going to be a major event. However, the bad guys are going to exploit this with a multitude of scams at the same time. Anything you receive in email, text, or even voice mail, you should look at with a healthy dose of skepticism, and ask yourself: "Could this be a scam?" Here are six examples, but the possibilities for scams are endless:
- Emails with DOC or PDF attachments related to tickets or other special offers related to Rio
- Advertising banners on websites that are poisoned and infect your workstation
- Scam phone calls trying to sell you Rio-related travel or even products
- Links to controversial Rio-related videos
- Claims that the whole event will be moved because of the Zika virus
- Complete fake websites which claim they will sell you cheap tickets to the event
So remember, anything to do with the Olympics in Rio in the coming months... Think Before You Click!
For KnowBe4 Customers, we have a template in Current Events you should send to your users ASAP. The title is: "Summer Olympics Canceled In Rio"
PS: If you are not a KnowBe4 customer yet, send a (no-charge) Phishing Security Test to your users and find out the Phish-prone percentage of your employees. The results are often shocking but a good way to get budget.