As you gear up to cheer your country in Olympics, cyber-criminals are leaving no stone unturned to trap sports fans by launching various kinds of tactics such as Ransomware, Trojan, Botnet, phishing and lottery scams.
Half of the year has passed by and we have witnessed various Ransomware such as Locky, Petya, Samas, Android.Trojan.SLocker.CV attacking individual computers, personal mobile phones and business organizations. According to eScan research, cyber-crooks would be relying on social engineering techniques to lure Olympic lovers into clicking on links or giving their account credentials. The email recipients would presume the email to be genuine, unknowingly download the Ransomware by opening the file sent by the cyber crooks or malicious website. Ransomware may also be delivered via drive-by download attacks on compromised websites. Drive-by-download are malicious pieces of a program that is downloaded to a computer without the users’ consent or knowledge. The malware delivered by drive-by download is usually classified as a Trojan horse, because it deceives the user about the nature of the website or email.
eScan predicts that the wily culprits can also take the help of Botnets to deceive the users into falling prey. Botnet allows hackers to take control of many computers at the same time and turn them into zombies or bots. The word Botnet is coined from two words ‘robot’ and ‘network’. These are used to infect large number of PCs, which are often controlled through a server. It acts as a communication resource for other devices. Therefore cyber-criminals can act as the master of a large ‘zombie network’ – or ‘bot-network’ – that is capable of delivering a Distributed Denial of Service (DDOS) attack or a huge spam campaign.
Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These e-mails often attempt to entice users to click on a link that will take them to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords that can further expose them to future compromises. The cyber-criminals see opportunities in global events and 2016 Olympic Games are no exception. With the high demand for Olympic Games, criminals have sensed this opportunity to create many fake websites by registering such domain names containing “rio” and “rio2016” to sell fake Olympic tickets for luring sports fans. According to the Wall Street Journal, there is an underground market for SSL certificates, which ensure a secure connection between a server and a web browser helps the sites look legitimate. The simple business model used here is where the recipients are asked to provide personal information including sensitive details like bank account details and card details to purchase the tickets.
Cyber-crooks are making use of e-mails written in English and Portuguese, to lure victims that they are the winners of ticket lottery organized by International Olympic Committee and the Brazilian Government. The spammers are attempting to convince e-mail recipients that their e-mail addresses have been chosen randomly from a large list. In order to claim their prize, the victims need to reply to the e-mail and furnish their personal information.
How to Stay Safe:
Use a trustworthy Anti-Virus and Anti-spyware (eScan) on regular basis, which will protect your system from all kinds of Malware attacks.
Always download apps from their official website or Google Play Store instead of unknown sources because many apps store are still offering the app.
Download applications of a reliable app developer. In addition, check the user ratings and reviews of the app before download.
Ensure that all the software installed in your system are updated frequently, including Oracle Java and Adobe.
Implement a three-dimensional security policy in your organization, i.e. firstly understand your requirement based on which IT Security policy would be prepared accordingly. Secondly, educate your staff about the policy and finally enforce the policy.
Make sure you either implement MailScan at gateway level or enable Mail Anti-virus on endpoint in order to block extensions such as *.EXE, *.SCR, *.JS, *.VBE etc. These attachments would infect your system.
Open e-mails only if you are positive about the source.
Always check for “https” prefix before entering any financial information for electronic transmission over the internet.
Never send or reply to emails, which ask for sensitive information such as Credit card number, PIN (Personal Identification Numbers) and Bank account number to an unauthorized person.
Avoid using your debit/ credit card extensively to stay safe from POS (Point-Of-Sales) system scams and card cloning frauds which is expected to rise in Rio during Olympics.
Lastly, restrain yourself from using public Wi-Fi for prolonged session in Olympics zone unless anything is important or urgent.