The Olympics in Beijing may now be over, but the aftermath left by malware writers and online scammers is still being felt by many. This month, we take a look at the online traps set by cyber criminals to leverage public interest in the 2008 Summer Olympic Games.
Understanding the Threat
Social engineering attempts – when users are manipulated into performing certain actions or disclosing confidential information – are becoming more sophisticated and increasingly prevalent. Why? The fact is that it’s an effective means of taking advantage of consumers. Oftentimes, the easiest way for cyber criminals to get hold of your private information is by preying on your emotions in order to get you to act in a way that suits their sinister intentions. That means that while security software is imperative to stay safe online, making informed decisions is equally critical.
Malware purveyors are known to exploit current events and major world happenings in order to fool victims, spread their scams, and make a profit. Unfortunately for computer users, this year’s Olympic Games in China upheld that norm.
Long before the games commenced on August 8, 2008, consumers were warned by security researchers to be especially cautious regarding links and attachments in e-mail messages. While it was predicted that scammers would be out in full force for the Summer Games, what was not certain was just how they would strike.
The Bad Behavior
The bad behavior relating to the Olympic Games came in many shapes and sizes. Taking a look back at the tactics used over the past few months can provide insight into the methods you need to be on the lookout for in the future. Below is a recap of a few of the ways cyber criminals attempted to get past your defenses and cash in on the period leading up to the Summer Games.
- Mid-April brought news of the bad guys circulating a video rigged with a malicious rootkit to infect users. The “Race for Tibet” movie, according to reports, showed a Chinese gymnast performing alongside images of unrest in Tibet. If the viewer followed the messages’ prompts, instead of joining a “race for Tibet” protest, they would be infected with a keystroke-logging tool that would send their data to a server in China.
- In June, researchers revealed that botnet operators were using phony reports of an earthquake in Beijing to spread malware. The spam campaign, an attempt to take advantage of people’s curiosity and excitement over news relating to the upcoming Olympic Games, persuaded users to click on a link leading them to a website with a .cn domain. Links on the site claimed to launch video of the news but, in actuality, downloaded malware onto the user’s system.
- The beginning of August produced reports of the discovery of professional-looking phishing sites selling fake tickets to the Beijing Olympic Games. Instead of getting tickets, victims of this international scam were swindled out of their cash, credit card numbers and personally identifiable information. The International Olympic Committee took action to shut down the fraudsters, but not before many had already been swindled.
- Just prior to the start of the Olympics, security researchers noted a targeted online attack aimed at sporting organizations and athlete representative groups. By purporting to be a PDF press release sent from the International Olympic Committee, the attackers were able to con victims into opening a malicious attachment within an e-mail message. The person’s computer would then become infected with a Trojan able to log sensitive information.
Along with having updated security software in place to actively protect your PC from malware, the best way to beat social engineering scams is awareness. Keep in mind that events that draw widespread public interest, such as the U.S. election period and the holiday season in December, will, without a doubt, be used to propagate online scams. While you cannot anticipate all events that may be taken advantage of, here are winning strategies to reduce your chances of getting scammed:
- Get your news from a reliable source. Malware writers are renowned for playing on public interest in current events to trick computer users. If you are curious about the facts of the latest news story, go directly to a reliable online resource. Do not trust links in instant messages, e-mail and other personal messages.
- Don’t be tempted by unsolicited messages. Spammers try to lure you to open messages by promising videos or information that they think will pique your interest. Never click on links or open attachments from unknown senders.
- Exercise caution with online purchases. Whenever you make a purchase online, research the source prior to getting out your credit card. These days, phishing sites can look surprisingly similar to legitimate websites, and it’s often hard to tell at first glance that you are being deceived.
- Avoid installing unknown files. Scan programs and files that you download from the Internet or from your e-mail with updated security software.