New research from Palo Alto Networks has revealed that cybercriminals are taking advantage of high-profile sporting events to conduct scams, phishing, and malware attacks through suspicious domain registrations and other malicious activities.
Domain Abuse Surges During Paris Olympics
For example, researchers uncovered significant spikes in newly registered domains (NRDs), DNS anomalies, and URL traffic during the Paris Olympics. During the event, Olympic-related domain registrations tripled compared to normal periods. Of these domains, 16% were suspicious, a rate 13 times higher than the general rate for NRDs.
Attackers used these spoof domains to sell fake tickets, trick users into participating in cryptocurrency scams, steal personal information, or install malware on victim computers.
How Consumers Can Identify Event-Related Scams
According to Anne Cutler, a Cybersecurity Expert at Keeper Security, scammers often exploit events for personal gain, so extra vigilance is essential during these periods. However, these spoof websites are becoming harder to detect.
“Threat actors are getting more adept at SEO poisoning, using language like ‘Official Website’ to lure people into clicking a dangerous link or visiting a spoofed site that can harvest sensitive information or download malware onto your devices,” she said.
To detect a scam website, Cutler suggests paying special attention to the URL and domain extension. Scammers no longer use obviously suspicious URLs and instead opt for commonly used top-level domains (TLDs) like .com, .shop, or .store, but the spoofed URLs will still differ slightly from those of official websites.
“If [a URL] appears to be abnormally long or unrecognizable based on your normal search activity, it’s best to ignore it – and not click on the link. Instead of searching, you can type in the full URL directly to ensure you’re landing on the authentic website. If you do land on a spoofed website, it may ask you to give your email address or other personal information, so be cautious when entering any information,” she said.
Cutler also notes that consumers can use a password manager or tools like the Google Transparency Report to reduce the risk of visiting fake websites. If a website’s URL doesn’t match what’s stored in a user’s secure digital vault, the password manager will not fill in the credentials, indicating it’s a spoofed site.
Recommendations for the Security Industry
In light of these threats, Palo Alto Networks suggests that organizations proactively monitor domain registration trends, DNS traffic, and suspicious URLs, while security teams should use advanced tools like DNS Security to mitigate risks.
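One way a security team could act on the domain-registration monitoring recommended above, shown as an added example that is not Palo Alto Networks' tooling or code from the research: a triage pass over a feed of newly registered domains. The official domain, watch terms, edit-distance threshold and feed entries are constructed assumptions.

```python
# Added example: triage newly registered domains (NRDs) for event lookalikes.
# The official domain, watch terms, threshold and feed are all constructed.
OFFICIAL_DOMAIN = "examplegames.org"              # stand-in for the real event site
OFFICIAL_LABEL = OFFICIAL_DOMAIN.split(".")[0]
WATCH_TERMS = ("olympic", "paris2024", "ticket")  # assumed watch list
MAX_EDITS = 2                                     # assumed typosquat threshold

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(domain):
    """Return the reasons a newly registered domain deserves analyst review."""
    domain = domain.lower().rstrip(".")
    if domain == OFFICIAL_DOMAIN:
        return []
    labels = domain.split(".")
    # Naive: the label left of the TLD is taken as the registered name.
    # Real feeds need the Public Suffix List (e.g. for .co.uk).
    name = labels[-2] if len(labels) >= 2 else labels[0]
    reasons = []
    if any(label.startswith("xn--") for label in labels):
        reasons.append("punycode")                # IDN label, possible homoglyphs
    hits = [term for term in WATCH_TERMS if term in name]
    if hits:
        reasons.append("keyword:" + ",".join(hits))
    if OFFICIAL_LABEL in name:
        reasons.append("brand-embedded")          # brand plus extra words or another TLD
    elif edit_distance(name, OFFICIAL_LABEL) <= MAX_EDITS:
        reasons.append("near-brand")              # one or two character edits away
    return reasons

def flagged(feed):
    """Map each suspicious domain in the feed to its reasons."""
    return {d: r for d in feed if (r := triage(d))}

# Constructed sample feed, not real registration data.
FEED = ["examp1egames.com", "examplegames-tickets.shop", "xn--placeholder.net",
        "paris2024-olympic-store.store", "weather-blog.net"]
```

Calling `flagged(FEED)` returns the four lookalike entries with their reasons and leaves `weather-blog.net` out; the reasons are leads for an analyst, not verdicts.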
Ultimately, these findings underscore the importance of increased cybersecurity measures around high-profile events.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.