Olympic fever is well underway, with the Olympic Games taking place in Paris during July and August this year. During the Tokyo Olympics 2020, the spectacle drew more than 3 billion viewers, and 2024 is set to attract even more interest. However, the Tokyo Olympics also saw cybersecurity teams facing 450 million cyber attacks, 2.5x more than were fought off during the London Olympics in 2012. This year, we should be prepared to see that number rise again.
What should your employees look out for, and how can businesses protect themselves against attackers going for gold?
Why does the Olympic Games lead to a growth in phishing scams?
During the excitement of the Olympic Games, our risk attention is a whole lot lower. Like any event that steals our attention in this way, the Olympic Games is the perfect time for attackers to target a distracted and larger-than-average audience. Popular events are always head-turners, and with people more focused on gymnastics routines and long jump scores than cybersecurity, individuals are far more likely to click on links related to trending topics, even if they hide malicious intent.
Throughout a global event, internet behavior also changes. While most people have their regular online habits and preferences for the websites they use, the emails they open, and the links they click on — when it comes to a large-scale event, all bets are off. Fans may search more widely for the latest results or information on their favorite athletes, and inadvertently click on links that claim to offer news articles or video clips but can be hiding malicious intent. New websites and unfamiliar sources of information can lead to false trust in the safety of these channels.
When searching for tickets or merchandise, many people can be fooled by fake websites or emails that appear to be legitimate and enter personal and even financial information in the hopes of obtaining hard-to-find swag or tickets and live streams of the event. This information is sent to attackers in their controlled environment. These sites can look extremely realistic, and even use trusted channels, as TechRadar uncovered with a false ticketing site for the Paris games, “paris24tickets[.]com”, which was the second sponsored search result on Google when searching for “Paris 2024 Tickets”. Outside of tickets, threat actors can launch fake competitions and contests, promotions, and giveaways that encourage fans to click on external links or enter their sensitive information in the hopes of walking away with an Olympic-sized prize. Often, these sites or email campaigns create psychological pressure to encourage readers to click, such as limited-time offers that will expire if not taken advantage of immediately.
In 2024, many sports fans will be heading to Paris, either with tickets or to soak up that Olympic atmosphere. This also opens the doors for attackers to launch scams related to travel bookings, hospitality, special offers, and event packages locally.
Protecting employees against Olympic-themed phishing scams
While your employees embrace Olympic excitement, they are also busy with their daily routine, making it likely that they could slip up and click on a link that opens your organization up to risk. Knowing that the hackers are stepping up their efforts over this period, here are some top tips to offer your staff:
- Be wary of partner offers: This year, the Olympic Games has 77 official partners. The risk and manipulation can come from brand impersonation of the Olympic Games themselves or from attackers pretending to be any of these partners. Attackers are likely to leverage their good name to trick people into providing sensitive data, or into clicking malicious links. Treat emails that come from the Olympic Games or from any connected partner as suspicious, and always head to the official URL to check out the deal.
- Think, who initiated the correspondence? Ask yourself, how did this company get your email address? If you applied for tickets or information, and the message is a reply — that’s more likely to be trustworthy than an offer that appears out of the blue. A good rule of thumb is to ignore Olympics-themed messages you did not initiate. Be aware that the message can mimic a reply, even if you didn’t initiate a message or request.
- Use trusted sources and websites: If you’re making travel plans, head straight to the official website to book flights, restaurants, and accommodation. Bundle travel options where you can to limit exposure. Buy tickets from the official ticketing website — https://tickets.paris2024.org/en/, and while search engines are certainly safer than links that come via email or other channels, don’t trust them blindly — as they still may be victims of malvertising.
- Use good security hygiene: As always, think before you click. Large-scale events mean high emotions like excitement or fear of missing out can muddle decision-making. Coupled with the rise of AI, it can be harder to spot a phishing scam at a glance. Remind yourself to double (and triple) check any URLs before you click, and be wary of anything that sounds too good to be true.
Cybersecurity awareness training: The best warm-up for your organization this summer
CISOs and security teams have an ever-growing list of priorities, and for most organizations, the resources just aren’t available to support employees when the risk level escalates like it will this summer.
At CybeReady, we’re revolutionizing cybersecurity awareness training to deliver effective training programs that engage employees and reduce risk. The CybeReady platform is event-based by nature, and recurring events are embedded in our platform so that users are prepared for and trained to resist seasonal or cyclical risks ahead of time.
For security and IT teams behind the scenes, CybeReady runs autonomously, eliminating the operational costs of onboarding and communications, and providing easily consumable and sharable one-click reports to prove ROI.
Looking to get on the right track with cybersecurity awareness training this Olympic season and beyond? Schedule a demo of the CybeReady platform.
