Piggybacking on the popularity of the winter olympics, cybercriminals are expected to test email security measures by launching major spamming and phishing attacks. We are all interested in the latest news from Sochi, but unfortunately, like any major event, Sochi has also inspired interest from criminal elements. The United States Computer Emergency Response Team has issued a statement warning that the winter Olympics may be used as a lure to tempt people into clicking on spam, particularly in emails with “Sochi” or “Winter Olympics” in the subject line; using the name of a major sports event as a spam email subject line is a longtime favorite of scammers and spammers.
Spammers take advantage of major events to make their e-mails appealing
Sports events also inspire scammers to create fake websites that deliver malware when a user is persuaded to click on a link, and US-CERT warns that unfamiliar sports sites should be avoided. There is widespread agreement about avoiding fake websites or suspicious links, but an unexpected controversy has erupted about other aspects of Sochi security. ”Visitors to Russia can expect to be hacked," NBC anchor Brian Williams said in a report about cyber-dangers in Russia. “It's not a matter of if, but when.” And how do you get hacked in Sochi?
The report implied that just turning on your phone or computer is all it takes. Reporter Richard Engel set up a couple of test computers to demonstrate how quickly they would be compromised once they logged onto Russian networks. “Before we even finished our coffee the bad actors had hit,” stealing information and downloading malware. Talking about internet security Engel said visitors were “entering a minefield the instant they log on to the Internet.”
The reaction was swift, and possibly not entirely the response NBC was anticipating. Security expert Robert Graham claimed the computers were hacked because the demonstrators deliberately visited fake Olympic websites and clicked on suspicious links (probably with a computer that was lacking antivirus and anti malware protection); in other words, because they did things that would make it likely they’d be attacked by malware no matter where they were in the world. Graham tried to get his phone hacked, but it wasn’t as easy as the NBC report made it look. First he needed to disable the security features on his Android phone that made it impossible to download apps that didn’t come from the app store. Then he spoofed his IP address to make it look as if he was in Russia, but viruses proved pretty hard to find. When he finally did find a virus, his phone gave him a warning when he tried to download it.
In a nutshell spammers are always looking for the right opportunity and widely popular events like the Olympic Games are no exception to this rule. Even if a spam or phishing attack is unsuccesful and no money is taken from your account, this information could well be used to steal your identity in the future. As an extra measure of security in a high-risk country, a VPN connection can be used for transactions such as banking. But what exactly is a high-risk country?