With the Olympics right around the corner, the last thing that you want to think about is security. Well, let me rephrase that, there is plenty of security at the Olympics itself and I’m one of many who sincerely hopes that the 2012 Olympics in London goes smoothly and safely. Go Team USA! But, if you are traveling or thinking about doing anything eCommerce-related, specifically regarding the Olympics, you need to be sure to follow this handyman’s adage, specifically “measure twice and cut once” but in this case, it’s “verify twice and order once.”
If you have already booked your travel, hotel and all related items and you have physical confirmation that all of the items that you have purchased are in order, you probably are ok. What is more concerning is the fact that many new sites are suddenly popping up on the internet related to the 2012 Olympics…and what’s worse is quite a number of these sites are fraudulent and trying to capture your personal information including financial items. And the ways that these fraudulent sites are going after you and your confidential information are getting more sophisticated each day.
As part of the year-long program called “The Digital Joneses” that I’m doing with Trend Micro and several other parent bloggers, we are presented with themes in the form of challenges each month that we undergo and then write about. July’s theme is about raising people’s awareness about online security, the prevalence of scammers, and phishing campaigns as they all relate to the 2012 Summer Olympics. For me, as I have written about phishing scams in the past, I have taken this awareness challenge to heart personally as it is really a clear and present danger to all of us. In fact, every day I get phishing emails and my wife sometimes calls me to ask about some email that she has gotten that sounded odd in one way or another.
So, in this article, I’m going to arm you with some tips and things to think about as you go through your daily email inbox.
But first, let’s define what a “phishing scam” is. Essentially, it is an email that comes from a seemingly reputable and legitimate source telling you to take some sort of action on an account that you may have. For example, you receive an email from your bank. At a quick glance, the email may look completely legitimate, complete with logos and a format that looks like a true email that may come from your bank. Typically, it has some sort of a “concerning event” like you need to change your password because your account has been breached, or that the bank is updating its security policies so you need to validate your settings, or it could even be something that looks like a bill. Here is an example of a phishing scam that I recently received:
So, in the example above, you get what looks almost identical to a Verizon bill. However, the $1000 invoice looks a bit strange. So, what you would (normally) do is click on any of the links (specifically “Manage Your Account Online”) to figure out exactly what the charge was and how it was paid for. If you clicked on the link, you would go to the address shown in the image above (specifically: http : //wcats.co.za/3p9tmVDD/index.html <- don’t click on that!). When you click through on a fake link like that, many times you will see a site that really looks like the site that you think it is. In this particular example, the site is broken (perhaps it has been taken down). However, I had a different “Verizon” bill that had a different link (specifically: http : //mummypages.com/2W9Tf0Up/index.html <– don’t click that one either!) which went to a site that was actually blocked by Trend Micro Titanium Maximum Security:
I decided to stop there because usually those files can do some nasty things with your computer.
But the point here is, there are LOTS of sites out there that have things similar to this, and now there are many emails and sites that are geared toward the Olympics traveler or aficionado. Here are some examples…
These are legitimate emails:
But this is not:
Trend Micro has a post on their blog which shows a phishing scam in action.
So, what can you do to prevent yourself from becoming a victim of an Olympic email phishing scam?
Tips to Avoid Phishing Scams
Below are some tips that I always recommend to protect yourself from phishing scams:
- Don’t click on email links – if you want to visit a site like your bank, type the website address into your browser. Don’t ever click on links from your email.
- Don’t trust emails (or phone calls) – scammers are getting more sophisticated every day and are using both online and offline methods to catch you. If there is any question in your mind whatsoever, call the company using a phone number that you know is legitimate or see the point above as well.
- Use an up-to-date browser – many browsers like Firefox, Chrome, Safari or Internet Explorer actively monitor website addresses for ones that are fraudulent. When you go to a site like that, your browser will block you from accessing it.
- Use security software – if you aren’t using some sort of security software on your computer, shame on you. Get some now! That software will prevent you from going to these types of sites and will also hopefully stop malicious code from being downloaded to your computer.
- Don’t give out your credit card number – especially to sites that you don’t know about. There are some banks or credit card issuers that will let you create a temporary credit card number for online transactions (essentially for 1-time use). If you are in doubt, see if you can use one of those.
- Hold your mouse over links – if you get an odd email like one of the ones described above and it has a questionable link, hold your mouse over that link and see if the link looks legitimate. Again, see the first point above though.
- Look at emails carefully – there are many ways to tell if an email is a fake, specifically:
  - Odd grammar – frequently there are sentences that simply read strangely
  - Spelling errors – there will be a couple of words that are misspelled
  - Broken or strange images – there may be broken images in the email or the images may look a bit odd
  - Odd formatting – usually, official emails look pretty darn good. The fake ones sometimes do not – but don’t be fooled!
  - Strange return email address – look at the reply-to email address, if it does not look legit, stay away!
- No attachments – most legit companies will not send attachments. If you get an attachment, don’t open it as it could contain a virus or trojan.
- No requests for money – if someone is asking for money, your best bet is to delete that email immediately!
- Personal details – if the email asks for personal details, delete that one too!
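The link-hover, return-address and attachment checks from the list above can also be run mechanically over a saved message. This is an added example, not code from this article or from Trend Micro; the sample email, its hosts and the `trusted_domain` parameter (the address you would type into the browser yourself) are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a bill that claims to come from example.com but links
# elsewhere. All addresses and hosts are placeholders, not real indicators.
SAMPLE = """\
From: Example Wireless <billing@example.com>
Reply-To: accounts@example.org
Subject: Your bill is ready
Content-Type: text/html; charset="utf-8"

<html><body><p>Your curent balance is $1000.</p>
<a href="http://example.net/abc123/index.html">Manage Your Account Online</a>
<a href="https://www.example.com/support">Support</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects each <a href>, the address a mouse hover would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def on_domain(host, domain):
    # Exact match or true subdomain; "example.com.evil.test" does not pass.
    return host == domain or host.endswith("." + domain)

def check_email(raw, trusted_domain):
    """Return (finding, detail) pairs for the red flags in the list above."""
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply and reply != sender:
        findings.append(("reply-to-mismatch", reply))
    for part in msg.walk():
        if part.get_filename():
            findings.append(("attachment", part.get_filename()))
        elif part.get_content_type() == "text/html":
            links = LinkCollector()
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href in links.hrefs:
                host = (urlparse(href).hostname or "").lower()
                if not on_domain(host, trusted_domain):
                    findings.append(("off-domain-link", href))
    return findings
```

A clean result only means these particular checks passed; a From address can be forged, so typing the site address yourself remains the safer habit.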
Armed with the tips above, you should be much better off in terms of increasing your awareness of phishing scams and protecting your confidential information. But, as I mentioned, these scammers are getting more sophisticated each and every day so the best thing to do is keep your guard up, keep your systems and browsers updated and have some sort of internet security software installed.
I hope that all of you enjoy the Olympics this year! And, as I said, Go Team USA!
Disclosure Text: For the Digital Joneses Study, Trend Micro has provided each of the bloggers involved, including me, technology and/or software items for use in the various challenges and/or for review. I have a material connection because I received these items for consideration in preparing to write this content. I was/am not expected to return these items or gifts after my review period or the study duration. All opinions within this article are my own and not subject to the editing or approval by Trend Micro or its contractors. More information can be found in my About page as well as here.
HTD says: Let’s all try to keep these Olympics safe – offline and online!