These days not a headline goes by without some cybercriminal jumping all over it. Now, with the Olympics coming up and travelers wary of the Zika virus, scammers are creating fake websites and apps to steal money or to infect users with malware.
“There are actually sites that say they sell tickets, but never actually give you tickets,” said James Pleger, research director at RiskIQ.
Sometimes, it’s easy to spot the fakes.
“One of the most common things is very poor English,” he said. “Or they’ll only accept payment in online currencies or wire transfers. Other indicators are that there are a lot of complaints, or they’ve been up for a very short time frame.”
Take, for example, Tickets4SummerGames. The website has since been taken down, but the Facebook page is still up.
From the screenshots, images and posts, it can seem legitimate at first glance. But when you look closer, the writing is awkward and unprofessional, and there are customer comments saying that they never got their tickets and want their money back.
Kaspersky Labs analysts say that the anti-virus company is “constantly blocking dozens of newly registered domains” to fake ticket sales sites.
One tactic is to ask for bank card information, and use it to steal money from the users’ bank accounts. They tell the users that payment has been received, and that the tickets will be sent two or three weeks before the event.
“By the time they realize they won’t be getting the tickets they booked it will be too late to buy genuine tickets… especially if there’s no money in their bank account,” said analysts Tatyana Shcherbakova and Andrey Kostin in their report.
Last time around, scam sites promising tickets to sold-out events at the Beijing Olympics took some people for tens of thousands of dollars.
Buyers should be cautious, and check the official list of Olympic ticket resellers before sending any money.
There are also fake sites pretending to sell Olympics merchandise.
According to a report by RSA, some of the fake sites rank higher than legitimate sites due to aggressive search engine poisoning.
Mobile apps that promise to deliver Olympics-related news and information, or updates about the Zika virus, typically turn out to have little functionality when they’re installed. Other than the malware, that is.
“It depends on how much effort they want to go to,” said RiskIQ’s Pledger.
With sophisticated, targeted attacks, there might be some real content, usually illegally copied from somewhere else.
“But a lot of times, to be completely honest, these guys are trying to do it as quickly as possible,” Pledger said.
The criminals lure people in with spam emails, search engines, and will even buy advertisements.
When the applications are taken down by app store owners or legal authorities, they just pop right back up again.
The fake mobile apps typically are either trying to steal information or to dial toll numbers.
There’s also another damaging aspect to some of these scams, said Pleger — they may be piggy-backing on a legitimate brand and hurting its reputation.