5 Cyber-scams to Watch for During the Rio Games

Want to cheer on your favorite Olympic team with the right swag, or even in person? Before you buy, either online or on-site, beware of these scams.

Probably the most prolific threats are sites, often soliciting through pop-up Websites or advertising banners, that offer apparently legitimate ticket services set up by cyber-criminals who register domains that include direct references to the Rio games such as “Rio” and “rio2016.” There is an underground market for SSL certificates that enables a secure connection between a server and a Web browser to make the sites look legitimate. The resulting site, which includes an apparently valid “https” Web address, makes it difficult for consumers to distinguish fake sites from the official ones. To avoid disappointment or being taken advantage of, Olympic fans should only buy from authorized resellers.

A variation on other well-known phishing scams, consumers who receive an email with a subject line that screams “You’ve won tickets to the Olympic Games in Rio,” should not open it. In these emails, fraudsters will try to convince their marks that their email was culled from a large list, and if they respond right now, and include all their personal information, they will win those prized tickets to Rio 2016. The scam is designed to lure consumers to a site to input their personal or financial information or attempt to get them to download malicious software onto their PC.

Fraudsters know there is an insatiable appetite for genuine Olympics merchandise. But by punching in their credit card numbers to an off-price site, consumers risk (a) that they won’t ever get the merchandise and (b) they may become a victim of identity theft. RSA’s recommendation is similar to what the card brands advocate: Use a credit and not a debit card to make online purchases. It’s safer, it’s easier to track, and it’s easier to get the consumer’s money back. And, of course, consumers should visit the official Olympics store to be sure they’re getting everything they’re paying for and expecting.

With more than 1.9 billion smartphones in use, one can imagine that fraudsters see apps the same way they see fake domain sites: as an opportunity to redirect users to a malicious site intended to steal their personal information. Users who download an app related to the Rio games should watch where they’re redirected, especially if it’s to a Website that appears to have no association with the games. Additionally, the U.S. government, in association with its “Know the Risk, Raise Your Shield” multimedia program, has warned citizens traveling to Rio that criminals are tracking visitors’ movements through their mobile phones and are even able to control internal microphones remotely, without the users’ knowledge.

Olympics attendees on the ground in Rio should be aware of credit card scams. The U.S. government issued a report expressing major security concerns regarding cyber-security relative to ATM/credit card scams, specifically, the “epidemic use of credit card cloning devices and radio-frequency interception (RFI) at restaurants, bars and public areas.” This includes at ATM terminals and portable point-of-sale systems used to obtain the information stored in the magnetic strip of a credit card as it’s swiped for payment. With most of the world now reverting to more secure chip-and-PIN cards, the risk of attendees becoming a victim of these schemes is lower, but not eliminated entirely.