Hot topics are often exploited by hackers or scammers. The 2016 Rio Olympic games are likely to be the most digitally-enabled Olympics in history, but that presents as many opportunities for attackers as it does for the viewing public. New Proofpoint research suggests that digital risks could affect virtual attendees and fans worldwide.
In total, we analyzed more than 1,300 Olympics-related social media accounts and thousands of mobile apps across Facebook, Twitter, Instagram, Google+, YouTube, and various app stores. Our findings detail a variety of fraudulent activities as threat actors seek to capitalize on worldwide interest.
Below are the key findings:
- 15% of Olympics-related accounts were fraudulent, and 84% of those were impostor accounts. Many featured illegal live-streaming, phishing, unauthorized ticket sales and anti-Olympics propaganda
- Bad content incidents increased 60% in the two months leading up to the games. If incidents follow Sochi activity, we expect to see another 40% increase by the start of the games
- Overall social content increased 200% in the two months leading up to the games
- We’ve identified more than 4,500 mobile apps associated with the Olympics and sponsor brands. The 4,000+ Android apps and 500+ iOS apps include numerous examples of risky mobile apps.
Olympic Content Increased, Bad Content Spiked
Social media is a key venue through which sponsors, brands, teams, and athletes interact with a worldwide audience. Not surprisingly, Olympics-related content, from both brands and commenters, has increased dramatically in the lead-up to the games.
Based on previous observations from the Sochi Winter Olympics in 2014, we can expect negative content related to the games to increase by another 40% by the start of the games.
Fraudulent Social Media Accounts Attempt to Fool Fans
Negative or potentially offensive content is hardly the only risk facing those who look to social media for information on the Olympics. We analyzed 1,310 social media accounts with ties to the Olympics and sponsoring brands. Of these, 15% were fraudulent; these fraudulent accounts had over 400,000 subscribers or followers collectively. A closer look revealed a wide range of impostor accounts, as well as substantial numbers conducting more overt illegal activities:
- 82% were impostor accounts, with misleading use of brand elements relating to the Olympic Games or sponsors to attract followers and interaction
- 6% offered illegal live streaming of Olympic events
- 6% used the popularity of the Olympics to steal follower credentials in phishing attacks
- 4% involved fake or unauthorized ticket sales
- 3% emulated Olympics pages to distribute anti-Olympics or anti-Brazil propaganda
For example, Figure 3 shows a fraudulent page with phishing links designed to trick users into sharing login credentials, credit card information, and other sensitive data. Other sites, purported to offer free or discounted tickets, are actually used to run credit card scams.
In another example, attackers emulated a major airline's Twitter account and tweeted malicious links to an Olympics sponsor. These links delivered malware to vulnerable PCs.
Mobile Malware Also Targeting Olympic Fans Over Social
Malware delivered via social media is not limited to desktop computers either. Three weeks ago, we detected a malicious Android install kit posted to Olympics-related Facebook pages. One week ago, we detected four new instances of this kit, which can potentially take over Android devices and steal sensitive information.
Mobile apps are also potential targets for threat actors. We found over 4,000 Android apps and over 500 iOS apps related to the Olympics that exhibited risky or malicious behaviors. One notable app (Figure 5) purports to offer updates about the games but actually contains code that could take over social media accounts, read data from any device to which users connect their phones, and send data to third-party ad networks.
Tips for Social Media Fans and Brands
As with many major events, whether holidays, elections, or sporting events, threat actors look to capitalize on our curiosity and willingness to engage via digital media. As a result, both consumers and brands need to be exceedingly cautious in their interactions with Olympic-themed social media and mobile applications, both of which are prime targets.
In general, individuals should:
- Only engage with verified social media pages and use official mobile apps linked from a brand's official web site
- Only purchase event tickets from the official Olympics site
- Avoid free-streaming, “too good to be true” offers, and unofficial mobile apps
Brands, for their part, should:
- Automate content moderation to deal with the increase in content volume and potentially offensive or malicious content
- Use a discovery tool to find and help take down fraudulent social media accounts and mobile apps
- Install a social media protection tool to mitigate account hacks
- Use strong passwords and adopt two-factor authentication
- Limit the number connected apps that can publish to your pages
While the physical safety of athletes and in-person attendees in Rio has dominated headlines around the 2016 Olympics, digital safety is also a critical concern. Over the coming weeks, fans worldwide will be tracking their favorite athletes and brands will be interacting on a virtual world stage. Enjoy the games safely, whether from the sidelines in Rio or on a screen halfway around the world.