With the 2018 Winter Games, McAfee, a device-to-cloud cybersecurity company, warned global fans, consumers, athletes and organizations alike of Winter Games-themed phishing attacks. Through these attacks cybercriminals are most likely seeking passwords and financial information, using a number of techniques to entice victims into opening weaponized documents. Tactics include: email distributed from “spoofed” corporate branded email addresses, emails written in native languages; and the addition of attached documents marked as “protected.”
McAfee recently uncovered Operation GoldDragon, a malware attack targeting organizations affiliated with the 2018 Winter Games. Further investigation by McAfee Advanced Threat Research analysts has uncovered the consequences for victims of malware implant GoldDragon include attackers’ accessing end-user systems and collecting data stored on the device and connected cloud accounts. Potential risks include: attacker’s access to customer and employee financial or personal data, Winter Games related details, trade secrets, and more.
McAfee anticipates an increase in Winter Games cyberattacks using spear phishing techniques and cautions fans to be aware of suspicious links that attempt to lure victims into malicious content.
Tips to ensure devices and data are protected from these exploits include:
- Be cautious. Hover over links to check the URL address looks legitimate, and before logging into an online account, make sure the web address is correct. Phishers often forge legitimate websites, like online storage accounts, hoping to trick victims into entering login details.
- Turn on auto-update. Make sure auto-updates are turned on as a best practice to ensure up-to-date security.
- Go straight to the source. In order to avoid phishing attempts and other cyberattacks, always be sure to only go straight to source – meaning, go directly to the site of providers.
- Lock down devices with comprehensive security. Always use comprehensive security software to protect devices and information from malware and other threats that might result from a phishing scam.
- Use a website reputation tool. This simple browser plug-in can warn users when they visit a potentially malicious site and help steer them back to safety.
