Playing it Safe: A Security Guide to the 2016 Summer Games

In August, Brazil will once again be the center of the sporting world as the host of the upcoming 2016 summer games. While the success of the 2014 World Cup held in Brazil demonstrated that the country has the capability to host global sporting events, it also demonstrated the tendency—and ability—of cybercriminals to capitalize on such huge events.

Big events such as international sports tournaments are triggers for social engineering tactics and other activities that usually lead to identity theft and fraud, as evidenced by the number of World Cup-related scams and malicious apps we saw in 2014.

The previous games held in 2012 also had its fair share of cybercriminal activity. Attackers know that sports enthusiasts are more susceptible during the rush and excitement around major events, as fans from all over the world look for online deals, coupled with an influx of tourists who may be unfamiliar with the host country, its language, and customs.

The characteristic traps vary—bogus online ticket deals, email spamming and malware-infested streaming sites are examples of the most common threats. We can expect the same and more of it this year in Brazil. Brazilian hackers are known to specialize in banking fraud while the country is known for its lax cybercrime laws.

[READ: The Brazilian Underground: A Market for Cybercriminal Wannabes?] 

The typical threats you might encounter during global sporting events

Fake Sites and Phishing Scams Because of realistic pages and legitimate-looking URLs, phishing sites and fake e-commerce pages bring in big business for cybercriminals, and they're getting harder to spot. In a rush to buy discounted seats, fans carelessly provide personal and financial information, or even pay for a non-existent bargain. For those watching from home, streaming links for the games lead to malicious sites and phishing scams.   

Spam Emails Contests and lotteries are the typical bait used by spam email. Notifications for free tickets and giveaways lead you into downloading malware or a phishing page that asks you to share personal information or log in with account credentials. Logos and official-looking headers on incoming mail are no guarantee either, as cybercriminals are getting better at designing their pages.  

Tangible Threats

Threats aren’t limited to online transactions; cybercriminals continuously update old scams and invent new ways to take advantage of your devices.  

A free USB charging station can be tempting for many tourists, and opens up many possibilities for criminals. A fake charging station could let an attacker connect to your device and gain access to steal personal information, infect the device, and even exert a certain level of functional control over it.

ATM scammers are also becoming more creative and use different methods to compromise users. Criminals have gone from rigging the keypad and screen to using more sophisticated ATM malware that don't require physical access. Face-to-face cons are also prevalent—you should be wary of “helpful” strangers who offer to assist you as criminals may disguise themselves as bank employees.  

Modern credit cards have EMV technology in place to secure against Point-of-Sale (PoS) attacks, but the Brazilian cybercriminal underground also specializes in credit card cloning. In fact, criminals in the country were the first to successfully clone EMV credit cards. Be cautious of where you use your credit card and who has access to it.

Unsecured Connections From fans who want to share selfies on social media to reporters covering the event and offering live updates—everyone needs to be connected to the internet. Organizers committed to provide free WiFi in 60 facilities across the tournament grounds, available through local mobile carrier Claro and phone service Embratel. Cisco Systems is responsible for the network infrastructure with 7,000 WiFi access points and 100,000 LAN portal networks.

Although it is tempting to connect to a free network, be wary of unsecured and unverified networks. Criminals can set up fake access points and provides easy access to their network, enabling them to intercept information and steal data.

What You Should Do…

Before you leave

• Bookmark verified and trusted sites. When buying tickets or merchandise, make sure to get them through their official websites. Remember to bookmark the official licensed retail website to prevent you from accidentally going to the wrong site. Criminals often create similarly-named sites just to confuse and bait carefree clickers.
• Download official apps. Find the official version of the event's apps on legitimate and trusted app stores. You can also check the user reviews in the app information to verify its authenticity. Check what permissions the app is asking for—make sure to understand the access you’ll be giving before you agree to anything.  
• Ignore unsolicited promotional material. Notices that you’ve won free merchandise or tickets to a sold-out game might catch your eye—but don’t fall for the click-bait. Links that you see on websites and social media often lead to malware-infested pages, requests for personal information as part of a phishing scam.
• Update your device's software. Make sure to install the most recent updates for your device OS and apps, especially for devices you use to conduct online transactions.
• Manage your finances. Notify your bank and credit card company about the event you’re going to, and which country you’ll be visiting.
• Get comprehensive protection. Change your password before and after your trip. Also, make sure to install an efficient safety solution. Protect your devices with a security solution from vendors that have expertise to defend against specific threats you are likely to encounter.

When you’re there

• Stay private. Do not use Personally Identifiable Information (PII) when using LAN houses, cyber cafes, or others’ devices. Also, don’t disclose any PII when communicating over untrusted networks, even in your hotel.  
• Set up a VPN. It’s impossible to stay offline, especially in a country you’re unfamiliar with. Unsecured networks are a risk, so setting up a Virtual Private Connection (VPN) helps protect any exchanges you have online.
• Keep an eye out. Events like these are always crowded, so you should be aware of your surroundings. Practice proper ATM protocol and be careful of shoulder skimming, where someone peeks at your device while you’re distracted. Check your credit card statements as soon as you arrive home and report any unauthorized transactions to your bank immediately. 
• Use your own tech. Bring a portable charger for your device if you’re going to be watching the games all day. Be wary of using publicly available computers, even the ones in your hotel.  

Watching from home

• Bookmark an official link. Be careful what you click when you’re searching for a livestream link for the games. There are legitimate-sounding sites that contain malware or links that lead you to phishing pages. NBC is the official broadcaster of the 2016 games, and you can visit their site for more streaming information.