Advertisement

The Art of Avoiding Identity Theft and Scams At The Olympics

dave cox
Updated ·6 min read
0

Although the 2016 Olympics ends tomorrow, it's important to ensure your safety while you're there. The Brazilian government has 85,000 armed soldiers and police to protect the physical safety of visitors, but what about online security?

What is identity theft?

Wikipedia defines identity theft as "the deliberate use of someone else's identity, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name, and perhaps to the other person's disadvantage or loss."
Hackers and other malicious parties often use scams and/or social engineering attacks to steal identities. Scams often take the form of phishing, spear phishing, using malware to steal information, etc.
A phishing attack is when a person uses email, malicious websites, spam SMS messages and other tools to trick people into giving them personal information. A phisher will usually try to get your bank or credit card information. In other instances, they might try to trick you into revealing your username and password for an online account like Facebook.
Norton provides some tips to recognize a phishing attack:

  • Phishers, pretending to be legitimate companies, may use email to request personal information and direct recipients through malicious websites.

  • Phishers tend to use emotional language using scare tactics or urgent requests to entice recipients to respond.

  • The phish sites can look remarkably like legitimate sites because they tend to use the copyrighted images from legitimate sites, like official logos.

  • Requests for confidential information via email or Instant Message tend not to be legitimate.

  • Fraudulent messages are often not personalized and may share similar properties like details in the header and footer.

Spear Phishing

Spear phishing is a twist on a regular phishing attack. Phishing emails affect millions of people, but spear phishing is a little more personal. If a hacker discovers your name or other personal information, they can make the email seem even more legit. For example, the email says "Dear Bob" instead of "Dear Sir".
Maybe the email references a friend of yours or discusses an online purchase you recently made. Since the message sounds like it came from a person, you know, or your friends know it appears to be legit and has a better chance at being opened by the target. These targeted attacks are dangerous. How do they get your information?
Hackers can search randomly across Facebook to look for profiles with emails publicly shown. Maybe they attacked a company and stole email addresses - it happens all too frequently. Another example is if they saw a tweet or post by you talking about a recent purchase.

Scams at the Olympics

Some examples of Olympic-specific scams could be counterfeit merchandise, fake Olympics websites, or lottery scams. Your information is often vulnerable on public Wi-Fi. Kaspersky Lab traveled to Rio to map out and assess the security of Wi-Fi networks that visitors may encounter. They found that nearly a quarter of Wi-Fi networks found in public venues were unsecured. The researchers found more than 4,500 access points in areas around Olympic Games venues. 18% of these networks were open. Data traveling across open networks is not encrypted and can be easily compromised. Kaspersky Lab recommends using a Virtual Private Network (VPN) in Rio.

Brazil Map



A Fortinet report says that the country saw an 83% increase in malicious URLs, compared to 16% in the rest of the world. Phishing activity found globally spiked 76% between April and June. The US State Department's Overseas Security Advisory Council (OSCAC) said earlier this year that,

"Brazil continues to rank as one of the most pervasive cybercrime environments worldwide. Brazilian cybercriminals have grown more brazen, stealing billions of dollars annually despite new legislation and official reports to stop malicious activity online."

Even if you did not go to the Olympics, you could still be at risk. The Better Business Bureau noted in 2014 that counterfeit merchandise was rampant after the Sochi Olympics. Searching on eBay found 5,693 items, like a fake "Olympic Torch Sochi 2014) priced at $7,000.

Prevention

So, how to prevent these crazy scams? First, if you want to buy Olympics merchandise, buy it from the official website. Companies mass produce these items, and they rarely increase in value.
Second, on your social media pages, especially Facebook, make sure you lock down your information. Facebook has a Privacy Checkup tool where you can quickly check what information is publicly shown on your profile.

Facebook Privacy Checkup



When you travel to the Olympics or anywhere else, use a VPN. Services like LiquidVPN have great options to keep your data safe, even on a public Wi-Fi network. Check out the guide on security tools while you are at it.
As for phishing/spear phishing, most if not all companies will never ask for your personal information in an email. If you need to update your account information, they will direct you to their website. Make sure that the operating systems and software you use are fully updated. Companies routinely update their products to fix bugs and vulnerabilities.

Tools

Once you are on the website, first make sure that your browser is using HTTPS. Next, if you think it might be a fake website, take a look around. See if there are any spelling errors, look at the logo to check for mistakes. If you are still unsure, there is a free service called VirusTotal that may help. It is a subsidiary of Google that can scan URLs and uploaded files. If you see a suspicious email from a "friend" or bank, you can call them to verify if the email was from them.
Use two-factor authentication for your online accounts wherever possible. Although there have been a couple of rare instances where attackers compromised 2FA accounts, it is still much more secure than an account without it.
When you're buying things online, like Amazon, it can be tempting to have the website save your credit card information, so you don't have to enter it each time. However, what if hackers attack the website and steal your information? A service called Privacy can help. You link it to your bank account and create virtual credit/debit cards. It's even possible to use a "burner" card only good for one use or set limits on how much a merchant can charge.
Finally, if you think you have already been the victim of identity theft, the government has a website - Identitytheft.gov. It offers specific steps to take:

  • Call the companies where you know fraud occurred.

  • Place a fraud alert and get your credit reports.

  • Report identity theft to the FTC.

  • File a report with your local police department.

The police probably can't do very much, but it's still important to file a report and get your name and incident on file. However, the police could also help you get an attorney or advocate, depending on the severity of the situation. The FTC also has free information to help businesses protect customers and meet their legal obligations.

How do you secure your personal information when you travel? Let us know in the comments.