5 fraud methods used by cybercriminals amid the "Tokyo Olympics"

A sample of a page designed to steal users' credentials (from the source).

Barring spectators from the 2020 Olympic Games, which started in Tokyo a few days ago after an unprecedented one-year delay, matters not only for people's physical safety but also for their digital safety, since there will be no attempts to penetrate the unsecured wireless Internet networks found in stadiums.

But cybercriminals will aim to take advantage of the public's eagerness to watch the Olympics by carrying out a number of online fraud schemes.

Kaspersky experts analyzed Olympic-related phishing sites designed to steal users' credentials to understand the scammers' efforts to monetize the public's interest in this major international sporting event.

The researchers found fake pages offering visitors broadcasts of Olympic sports events, various gifts, tickets for competitions even though no audience will attend, and even the first fake virtual currency for the Olympic Games.

Kaspersky experts discovered many phishing pages offering broadcasts of the Olympic Games, which is to be expected as spectators move from stadiums to the Internet.

Some pages ask visitors to register before viewing; if the user enters his credentials, he is directed to a page that distributes malicious files, which in turn download malware onto his device.

The user also hands his identifying information to people he doesn't know, who may use this data for malicious purposes or sell it on the dark web.

Although this edition of the Olympic Games has no public attendance, scammers still try phishing schemes that they have tested well and consider still somewhat effective, such as selling tickets to attend events, along with pages offering refunds for what they claim are “amounts paid to buy tickets.”

By analyzing the discovered pages, Kaspersky experts also found phishing pages “disguised” as official Olympic pages, such as a page claiming to be the official website of the Tokyo 2020 Olympics and another that mimics the IOC page and collects users' credentials for MS services.

No major public event is complete without fraudsters imitating the generous gifts distributed on the sidelines of its events.

So the experts also found phishing pages offering to win a TV.

Typically every user turns out to be a lucky winner, but to receive his prize he has to pay the connection fee, and of course the TV never reaches the deceived user.

Finally, Kaspersky researchers found a site offering the “first-ever Olympics virtual currency,” which comprises a fund to support Olympic athletes.

If the user buys this so-called coin, the scammers offer to provide financial support to talented athletes in need around the world.

Cybercriminals always use well-known sports events as bait to carry out their attacks and harm their victims, according to Kaspersky security expert Olga Svistunova, who said she expects no digital attacks related to the attendance of fans in stadiums but stressed that fraudsters do not stop when it comes to devising new methods of fraud.

"This year we discovered an interesting phishing page that sells what it claims is the official currency of the Olympic Games, something that doesn't really exist, which means that not only are cybercriminals faking what is real and existing, but they are also coming up with sophisticated subversive ideas," she said.