What a summer of sport it has been. We’ve witnessed in our millions the British & Irish Lions rugby team triumphing in the Rugby Union Test series in Australia; Chris Froome winning the 100th edition of the Tour de France; Missy Franklin taking a record sixth gold at the Swimming World Championships in Barcelona; the Miami Heat winning the NBA finals; and finally, for the first time in 77 years, a Brit claiming the Wimbledon men’s singles tennis title!
All of which is to say that nothing captures the public imagination quite like a major gathering, be that a sporting encounter or music festival, such as Glastonbury. And that is certainly true also of the IAAF World Athletics Championships in Moscow (10-18 August) where elite athletes from all over the globe will compete. Who wouldn’t want to be there to witness the outstanding battle of wills and talent out on the field and track? Who wouldn’t want to grab tickets fast before they all disappear?
The problem is that it won’t just be the eyes of sports fans fixed on this great occasion – there will also be the eyes of countless touts, selling tickets in their tens of thousands over the internet that are worthless fakes. And it’s all too easy. How often have you bought on line yourself, assuming you are safe, but not really checking to be certain you are? Add in the pressure of watching tickets being snapped up (for an event you have set your heart on being at) faster than you can say “100 metres final” and you can see why the touts score such enormous success themselves. With so many sports and such high stakes, and only limited space for dedicated fans, it’s not surprising that there are bad guys out there willing and ready to take advantage of our eagerness to secure tickets.
Inevitably, big events like the World Championships and the forthcoming FIFA World Cup in Brazil (June-July 2014) attract countless fraudsters and cybercriminals – engaged in everything from the dissemination of rogue antivirus to ticket touting. After all, the potential profits to be made are vast and the level of sophistication of attack is growing all the time[1] .
We’ve seen it all before, of course…. In the run-up to the London Summer Olympics, attackers used Olympic hashtags on Twitter to spread malicious code, bundling threats with popular Olympic-themed Android apps, and creating spam and phishing scams that pretend to be contests sponsored by credit card companies — all in the hope of taking full advantage of the excitement surrounding the event. There have also been instances of spammers attempting to trick users into downloading malware.
As the London Olympics approached, phishing sites sprung up everywhere, such as the one masquerading as a key sponsors’ promotion. Here, the phishers created such an eye-catching phishing site that it was easy to be taken in. The phishing pages, hosted in Brazil, included several fake offers such as ‘Win Free Trips to the 2012 Summer Olympics in London!’, ‘Participate and win laptops, cameras and many great prizes’. The London Olympics logo was placed at the centre of the page and, below the logo, were images involved in the event, such as the London Olympic Stadium, Wembley Stadium, the North Greenwich Arena and the London Underground, promoting the Games. Customers were prompted to participate in the offers by clicking a button labelled ‘Participate now’. Anyone who did was redirected to the next phishing page, asking for the user’s confidential information, including full name, email address and password, date of birth, credit card number, name on card and security code. With all that captured, the phishing site acknowledged the registration with what appeared to be a validation of the entry. And so another victim was hooked.
While major sporting events and concerts are high-profile examples of ticket touting at its most devastating, its reach goes way beyond these. And, more and more, the cybercriminals are turning to social media to trap their victims, as the recently published Website Security Threat Report (WSTR) makes clear. No surprise, really, as the criminals stalk their prey to the most popular ‘watering holes’, with the likes of Facebook and Twitter key targets.
However, in the past year, online criminals have also started preying on newer, fast-growing sites, such as Instagram, Pinterest and Tumblr. Typical threats include fake gift cards and survey scams. These kinds of rip-offs now account for more than half (56%) of all social media attacks. For example, in one scam the victim sees a post on somebody’s Facebook wall or on their Pinterest feeds (where content appears from the people they follow or in specific categories) that says: ‘Click here for a $100 gift card’. Click on the link and you are taken to a website where you’re asked to sign up for any number of offers, turning over personal details in the process. The spammers get a fee for each registration and, naturally, there’s no gift card.
We are now witnessing ever more threats targeted at social media websites, as well as more and more new channels and platforms opening up, especially those that are available only as mobile applications where rich pickings are to be had from teenagers and young adults, who may not know how to recognise such attacks and be a little less protective of their personal details.
So what should you do, if you are not to be one of the fraudsters’ online victims, and avoid spam and phishing attacks? Here are some best practice tips:
- Do not click on suspicious links in email messages
- Never enter personal information in a pop-up page or screen
- When entering personal or financial information, ensure the website is encrypted with an SSL Certificate. Look for a padlock, ‘https’, a trust seal, such as the Norton Secured Seal*, or a green address bar (seen on sites using Extended Validation SSL Certificate that are virtually impossible to be spoofed or used by phishers)
- Frequently update your anti-virus software and operating system on your computer, both of which can protect you from online phishing.
Finally, no matter how much you may want those tickets, or that present, and no matter how pressing the deadline, pause before you act. Ask yourself: “Is this too good to be true?” If there’s any doubt in your mind, step away. Better to risk losing out than to discover later on that your bank account has been severely depleted.
*According to a survey carried out this year by independent web research organisation Baymard Institute, the Norton Secured Seal is by far the most trusted, with 35.6% of the votes – nearly 13% ahead of its nearest rival. It was shown to be the seal that gave customers the strongest sense of trust when purchasing online, making it the de facto choice (http://baymard.com/blog/site-seal-trust).
