Written by: Ryan Angelo Certeza

The Olympics has always been highly publicized and highly anticipated. Taking place every four years, everything associated with the Olympics—from the host country declaration to the final ceremonies—catches the world’s attention. It’s easy to see why Olympics followers are such tempting cybercriminal targets.

What threats take advantage of the Olympics?

Like other big sports events, the Olympics is leveraged by a host of threats.�Some compromise sports fan sites to serve malware, others use spam to notify bogus ticket raffle winnings, while others are led to malicious links straight from search engine results.


How do Olympics-themed threats differ from those tied to other major sports events?

There’s not much difference in the methods cybercriminals employ in the Olympics as compared with other sports events. Cybercriminals just tailor their schemes in a way that it coincides with popular Olympics searches or events.

Olympic-themed threats come in various forms like:
  • Seemingly harmless emails either with a malicious attachment or a malicious link. These usually convinces recipients to download and open the attachment or click the link.
  • Phishing and other malicious sites whose links appear as top search engine results when users look for anything Olympic related. These sites are made to look like legitimate ones to give victims a false sense of security while stealing personal information or infecting their systems with malware.
How do these threats affect Olympics fans?

Olympics fans who encounter these threats open themselves to disastrous results. Compromised sports sites can drop malware on users’ systems. Spammed messages can contain malicious links and attachments. Fake video streaming sites can trick fake antivirus purchase.

These threats can trick users into revealing stuff about themselves that they normally would not freely give out. The users then end up as financial theft victims or, worse, identity theft victims.

If you want to scour the Web for more information, how should you go about it?

You can get information from official Olympics websites and sponsors. Refrain from clicking Olympics-themed links sent via email, IM, or social media messaging. Keep in mind that cybercriminals often poison top-ranking search results to distribute malware or lead you to their traps—specially crafted sites and/or pages. Such an incident was seen in relation to the 2010 Vancouver Winter Olympics. Poisoned links led to a site that hosted malware in the guise of Windows Media Player updates. Instead of using popular search engines, go straight to official news sites.

If you want to watch the Olympics in person, what threats should you watch out for?

If you want to watch the Olympics in person, watch out for threats before, during, and after the games. Monitor how you consume related information, and watch out for rogue purchases. Here are some things to keep in mind:
  • Watch out for promises of outrageous discounts on hotel accommodations, plane tickets, and event tickets.
  • Make sure you only deal with official ticket sellers and/or resellers and reputable hotels. Scammers lured users into revealing personal information in exchange for a large cash prize as well as free tickets and accommodations during the 2008 Beijing Olympics.
Falling prey to scammers will not only dampen your Olympic experience but will also put your finances at risk.

If you are content to watch the Olympics via streaming sites, what threats should you be aware of?

If you would rather watch the Olympics via streaming sites, make sure you only do so on the official or accredited partners’ sites. Unfamiliar streaming sites, especially those that offer “unrestricted video access,” can be carefully laid-out cybercriminal traps. Think before you click because you may likely end up with an infected system.

Live streams of sports events are commonly abused, as evidenced by the fake streaming sites that cropped up in relation to the 2010�Pacquiao-Clottey match.

What other threats can crop up in the future?

More and more people will ride the “Olympic wave” as its beginning draws nearer. It’s safe to assume, too, that the number of attacks will increase and may even pose graver threats.

Here are just a few examples of Olympic-themed attacks:
  • Before: Scams touting free tickets and/or discounted hotel accommodations
  • During: Fake live streams and/or videos, Twitter hashtag hijacking, scandalous Olympian photos and/or social networking accounts, and rogue apps
  • After: Controversies involving Olympians and fake paraphernalia auctions
Are Trend Micro product users protected from Olympic-themed threats?

Trend Micro™ Smart Protection Network™ Email Reputation Technology prevents malicious spam from even reaching your inboxes. Web Reputation Technology blocks access to malicious links and File Reputation Technology detects and blocks the download and/or execution of malicious files and scripts.

You can also use HouseCall to scan and clean your infected system.

"There's really nothing new about the social engineering ploys that cybercriminals use. For years, it has been riding on popular topics that may be interesting at the moment. People should be watchful and informed about the risks when browsing the internet and when opening emails, especially when it is coming from an unknown sender. Remember that any computer system is just as strong as its weakest link." – Erika Mendoza, Threat Response Engineer