It is undeniable that big events bring with them great digital threats. We have seen examples of this at events such as the Rio Olympics, the Winter Olympics in Russia, the Soccer World Cup in Brazil, or even the Super Bowl in the United States.
These events attract a high number of visitors and generate lots of interest online. People want to find tickets and event information, so they sign up to online services and create a lot of traffic for the event websites. Hackers see this as a great opportunity to obtain confidential data, with an eye to stealing a large amount of information or credentials that can be sold or used maliciously.
We saw it in 2014 with the FIFA Soccer World Cup in Brazil and over the last few weeks with the Summer Olympics in Rio. Hundreds of emails were sent offering tickets to the main games, with links to participate in raffles to win a trip to Brazil and links to watch the game online. Some claimed to come from “recognized organizations” but were in fact spoofing and phishing attacks seeking to trick people into giving up valuable information. Hackers have gone as far as to compromise the physical security of events like these as well.
Hackers are known for sending phishing emails to people interested in these types of events, offering tickets, hotels or cash prizes in order to entice you to click a link. The link takes you to a fake website that asks you to enter more information about yourself, which the hackers can then use maliciously.
How Do the Hackers Do It?
The question is: if we know that there are thousands of these emails being sent by hackers, why do people still open them? One reason is that we are enticed by the offers and curious enough to see what’s on the other end. Another reason is that the emails are getting more sophisticated, so it’s more difficult to spot a phishing email than it used to be. The once popular email of an African prince looking for you to transfer funds in a local account in exchange for a million-dollar reward has long since gone and been replaced with phishing emails that are much harder to spot.
Hackers get lists from different databases, which give them more information about potential victims and let them create phishing emails that are more difficult to identify. For example, they could target email accounts by country, making the emails as local as possible, or find out who you contact the most and send emails using their addresses.
So even though we want to celebrate our favorite sports teams at these events, we cannot ignore the risks we are exposing ourselves to. To help with this, I will list some of the main types of attacks you can expect to see during a sporting or event season. Stay vigilant for these!
Websites Offering Online Sales and Raffle Tickets to Attend the Event
When visiting websites to buy tickets or enter sweepstakes for events, try to verify that the site is real. One way to do this is by checking that the website has an SSL Certificate. Usually ecommerce sites should have an Organization Validated or an Extended Validation SSL Certificate which verifies the identity of the organization that is offering online tickets or special merchandise.
The Extended Validation SSL Certificate will display the name of the organization in the browser like in the example below:
An Organization SSL Certificate will display the company information in the certificate details like we can see in the following example:
As we can see, the SSL Certificate helps us to verify the company information. But certificates also play an important role in protecting your data by encrypting data submissions. So if you are filling out a form, or providing any private information via a website, always make sure that the site has an SSL Certificate. The SSL Certificate gives you peace of mind because you know you are exchanging data in a secure way.
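The same check can be done outside the browser by reading the certificate's subject fields. The following is an added example, not part of the original article: it uses a heuristic based on the CA/Browser Forum subject requirements (the authoritative marker, the certificate policy OID, is not exposed by Python's `getpeercert()`), and all sample certificates and names are constructed.

```python
import socket
import ssl

# Subject attributes the CA/Browser Forum EV Guidelines require in an EV certificate.
EV_FIELDS = {"businessCategory", "jurisdictionCountryName", "serialNumber"}

# Constructed samples in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_DV = {"subject": ((("commonName", "tickets.example.net"),),)}
SAMPLE_OV = {"subject": ((("countryName", "BR"),),
                         (("organizationName", "Example Events Ltda"),),
                         (("commonName", "www.example.org"),))}
SAMPLE_EV = {"subject": ((("businessCategory", "Private Organization"),),
                         (("jurisdictionCountryName", "BR"),),
                         (("serialNumber", "00000000"),),
                         (("countryName", "BR"),),
                         (("organizationName", "Example Tickets SA"),),
                         (("commonName", "shop.example.com"),))}

def fetch_cert(host, port=443, timeout=5):
    """Fetch the validated leaf certificate of a live site (needs network access)."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def subject_fields(cert):
    """Flatten the nested RDN tuples of the subject into a plain dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Heuristic: return ('DV' | 'OV' | 'EV', organization or None)."""
    subject = subject_fields(cert)
    org = subject.get("organizationName")
    if org is None:
        return "DV", None  # only domain control was checked, no verified organization
    if EV_FIELDS.issubset(subject):
        return "EV", org
    return "OV", org

if __name__ == "__main__":
    for cert in (SAMPLE_DV, SAMPLE_OV, SAMPLE_EV):
        level, org = validation_level(cert)
        print(level, org or "(no organization in certificate)")
```

To inspect a real site, pass the result of `fetch_cert("hostname")` to `validation_level()`.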
Emails Inviting You to View the Event on Websites or to Participate in Online Sweepstakes
Email hackers are increasingly sophisticated, so it is becoming more difficult to identify a phishing email. If you don’t know the origin of the email or you are not sure it is a secure email, do not open it or visit links in the email. It may contain malware or intentionally lead you to a fake website.
If you receive emails asking you to provide personal information, do not reply. A legitimate organization will never ask you to provide information via email, because it is not secure.
Pay attention to the links in the email. Hover your mouse over the link; if the link looks strange, do not click on it. Hackers usually show the address of a well-known website in the body of the email, but when you hover over the link you find that the real destination is different from the one displayed.
Receiving Information as an Attachment
If you receive information as an attachment that refers to the events and you do not know the origin, do not download it. This is another common type of phishing attack: attachments, usually in the form of a PDF or .doc file, which when opened will run a macro to download malware or ransomware onto your computer.
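A mail gateway or analyst can triage such attachments by content rather than by file name. This is an added example, not part of the original article: it parses a raw message and reports Office attachments that carry, or may carry, macros. The sample message, file names and attachment contents are constructed, and PDF attachments are out of scope here.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container signature

def _ooxml(with_macro):
    """Build a minimal constructed OOXML-style zip, optionally with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

def make_sample_message():
    """Constructed e-mail with three attachments, serialized to raw bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Your tickets for the final"
    msg.set_content("Please open the attached files.")
    for name, data in (("tickets.docm", _ooxml(True)),
                       ("schedule.docx", _ooxml(False)),
                       ("invoice.doc", OLE_MAGIC + b"\x00" * 32)):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

def triage_attachments(raw):
    """Return (filename, finding) for attachments that can carry macros."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name, data = part.get_filename(), part.get_payload(decode=True)
        if data.startswith(OLE_MAGIC):
            findings.append((name, "legacy OLE file, macros cannot be ruled out"))
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    findings.append((name, "contains a VBA macro project"))
    return findings

if __name__ == "__main__":
    for name, finding in triage_attachments(make_sample_message()):
        print(f"{name}: {finding}")
```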
Recommendations If You Are Offering an Event Promotion
If your organization is offering discounts or prizes during these events, we advise that you incorporate Digital Certificates to improve the user experience and trust with people visiting your website or reading your emails. This way you give some peace of mind to users that they are sending and receiving information in a safe way and know that they are communicating with you and ONLY you.
For your website, you can do this by using an Extended Validation SSL Certificate. This way your organization’s verified identity is prominently displayed right in the green address bar, which lends credibility to your site and increases visitor trust.
It is also a good idea to add a Site Seal to your website. This way you will let your visitors know that you are investing in their security and that you provide secure transactions. The Site Seal proves that the website has been verified by a trusted Certificate Authority.
Now, how do you send emails in a secure way? If you are sending emails, you can sign them using a Digital Certificate as well (S/MIME). Digitally signing an email binds your verified online identity to the email, so recipients can be confident the email is legitimate and actually coming from the “real you”.
Are you running an event or event promotion? We advise using Digital Certificates to improve customer trust and decrease abandonment rate during these times of increased cyber attack risk. Visit our website to find out more or contact us today.