Scam of the Week: 

Hackers target Winter Olympics

The Multi-State Information Sharing Center issued the following alert February 5, 2018 :

  • Phishing – It is highly likely that malicious actors will capitalize on the 2018 Winter Olympics to send phishing emails with links to malicious websites advertising relevant information such as live coverage, news stories, or ticket sales. These websites often contain malware or attempt to steal login credentials. Based on historic trends, this method is almost certain to be opportunistic in nature, reaffirming that State and Local government employees are likely to receive these emails as part of larger campaigns. Users who follow phishing links or open malicious attachments risk compromising government networks by disclosing their credentials or downloading malware.
  • Olympic Coverage – Malicious actors will likely recycle the tactic of creating malware laden websites, masquerading as legitimate platforms, for users to find out information about the Olympic Games. Previously, cyber threat actors have leveraged social media as a platform to spread links to malicious websites. Malicious actors are actively domain squatting, registering domains similar to legitimate ones. Evidence of this tactic has already surfaced with the registration of several suspect domains with themes relevant to live streaming the 2018 Olympic Games. The MS-ISAC has already observed the registration of several domains containing “Olympics”, “winter”, “games”, PyeongChang”, or “2018” such as winterolympics2018live[.]com, nbcolympics-live[.]com, and statsolympics[.]com. These websites are not confirmed as malicious, although they are not the official domains some of them purport to be.
  • Mobile Apps – Malicious actors are likely to upload Olympics themed mobile apps with collection capabilities that are likely to cause data breaches if downloaded to State and Local government endpoints. During the Rio Olympics, Proofpoint researchers identified over 4,500 mobile apps pertaining to the Games that also performed risky or malicious activities such as hijacking social media accounts or collecting data.

The Internet is a shared resource and securing it is Our Shared Responsibility. You can get additional tips and hints on how to remain safe on-line by visiting:

Our Shared Responsibility is the theme for National Cyber Security Awareness Month 2017. - Visit: