Malicious Apps and Social Media scams target 2016 Rio Olympic fans and brands
Friday, August 5, 2016 at 8:24AM
Gadjo Cardenas Sevilla in 2016 Olympics, Breaking news, Events and Launches, Public service, security

Hot topics are often exploited by hackers or scammers. The 2016 Rio Olympic Games are likely to be the most digitally enabled Olympics in history, but that presents as many opportunities for attackers as it does for the viewing public. New Proofpoint research suggests that digital risks could affect virtual attendees and fans worldwide.

In total, we analyzed more than 1,300 Olympics-related social media accounts and thousands of mobile apps across Facebook, Twitter, Instagram, Google+, YouTube, and various app stores. Our findings detail a variety of fraudulent activities as threat actors seek to capitalize on worldwide interest.

Below are the key findings:

Olympic Content Increased, Bad Content Spiked

Social media is a key venue through which sponsors, brands, teams, and athletes interact with a worldwide audience. Not surprisingly, Olympics-related content, from both brands and commenters, has increased dramatically in the lead-up to the games.

Based on previous observations from the Sochi Winter Olympics in 2014, we can expect negative content related to the games to increase by another 40% by the start of the games.

Fraudulent Social Media Accounts Attempt to Fool Fans

Negative or potentially offensive content is hardly the only risk facing those who look to social media for information on the Olympics. We analyzed 1,310 social media accounts with ties to the Olympics and sponsoring brands. Of these, 15% were fraudulent; these fraudulent accounts had over 400,000 subscribers or followers collectively. A closer look revealed a wide range of impostor accounts, as well as substantial numbers conducting more overt illegal activities:

For example, Figure 3 shows a fraudulent page with phishing links designed to trick users into sharing login credentials, credit card information, and other sensitive data. Other sites, purporting to offer free or discounted tickets, are actually used to run credit card scams.

In another example, attackers impersonated a major airline's Twitter account and tweeted malicious links to an Olympics sponsor. These links delivered malware to vulnerable PCs.

Mobile Malware Also Targeting Olympic Fans Over Social

Malware delivered via social media is not limited to desktop computers either. Three weeks ago, we detected a malicious Android install kit posted to Olympics-related Facebook pages. One week ago, we detected four new instances of this kit, which can potentially take over Android devices and steal sensitive information.

Mobile apps are also potential targets for threat actors. We found over 4,000 Android apps and over 500 iOS apps related to the Olympics that exhibited risky or malicious behaviors. One notable app (Figure 5) purports to offer updates about the games but actually contains code that could take over social media accounts, read data from any device to which users connect their phones, and send data to third-party ad networks.

Tips for Social Media Fans and Brands

As with many major events, whether holidays, elections, or sporting events, threat actors look to capitalize on our curiosity and willingness to engage via digital media. As a result, both consumers and brands need to be exceedingly cautious in their interactions with Olympic-themed social media and mobile applications, both of which are prime targets.

In general, individuals should:

Brands, for their part, should:

While the physical safety of athletes and in-person attendees in Rio has dominated headlines around the 2016 Olympics, digital safety is also a critical concern. Over the coming weeks, fans worldwide will be tracking their favorite athletes and brands will be interacting on a virtual world stage. Enjoy the games safely, whether from the sidelines in Rio or on a screen halfway around the world.

Article originally appeared on Reviews, News and Opinion with a Canadian Perspective (https://www.canadianreviewer.com/).