According to experts at Kaspersky, Olympic-related phishing attacks have popped up in several different forms, including through fake pages offering streaming services, tickets to events that don’t allow spectators, and fake Olympic Games virtual currency. Kaspersky researchers stated that it’s common for cybercriminals to take advantage of popular sports events to entice victims into falling for attacks. Kaspersky stated that security teams should be aware of this tactic and ensure that current events are taken into account when conducting threat monitoring. Although the Olympic games look different this year due to Covid-19, attackers have still found ways to leverage the events in convincing attacks.
Kaspersky uncovered one page selling an Olympic Games Official Token, an illegitimate advertisement that doesn’t exist. The virtual currency was purported as a support fund for Olympic athletes. However, any fake tokens purchased through this site will benefit the scammer, rather than the athletes. Another popular tactic found by researchers was fake streaming services. Since there are no spectators this year due to Covid-19, watching the games online is the only way to observe the competitions. Kaspersky was able to find several phishing pages offering streaming services for the games. The caveat is that users have to register to watch. The fake pages then either stored the credentials or redirected victims to a page that distributes malicious files.