The Coronavirus pandemic has changed several parts of the sports world, from canceling games to how the games are experienced. Many experts agree that these changes will remain in place for at least the next year. And viewing sports from home is the safest way to protect ourselves, and one another, while still enjoying the experience.
Within this new normal of online sporting events, fans and players are at a higher risk of spear phishing attacks and must learn to use their technology more securely now.
What is Spear Phishing?
Spear phishing is a phishing attack in which the attacker tricks an individual into giving up personal or other critical information that can be used as part of a scam. The attacker usually already has information about the victim which can then be used to trick them into giving up more information such as credit card details or bank account information. This information that the attacker already knows about the victim is what separates spear phishing from all other attacks.
Spear Phishing and Sports
Imagine how much of an investment sporting organizations have previously made in physical security, to protect fans and players within packed stadiums. This same type of investment is required when it comes to cybersecurity across a Microsoft Teams room, a Discord channel, or a Twitch stream.
In a recent post, we noted how attackers have targeted Microsoft Teams Together Mode (as well as a host of other platforms) simply because it is easy prey. Typically, sports watchers are not thinking about the security of their accounts when watching a game, as it is a source of pure entertainment. But simple messages asking to update one’s credentials or even click a link to verify some personal information can lead to much bigger problems.
Rep. Alexandria Ocasio-Cortez (AOC) often streams on Twitch to her audience. Imagine if AOC were about to stream on Twitch and received an email from Twitch requesting validation of her account so it does not get deactivated. This email, though claiming to be legitimate, could be a phishing attack impersonating Twitch. In a matter of minutes, that cybercriminal has access to her email account. That access would be considered a major breach. It is interesting how quickly these things can happen, especially if we do not know what to look for. And, because AOC has notified her audience that she will be live on a certain date and time, this information is publicly available to anyone, including cybercriminals.
Sporting events can have similar scenarios. Imagine if a cybercriminal were targeting the NFL, or a specific team like the New England Patriots. Let’s say the Patriots are about to go on the field, as millions of fans are tuning in to the game. What if an attacker sent an email to the New England Patriots’ producer that says, “You have a problem with your Microsoft Live account? Please login now.” The producer is going to act immediately because he needs to make sure he can perform his job as the game is about to start. The producer would click on the link because it is urgent. Except, that was a phishing email that impersonated Microsoft. Once he logs in, the cybercriminal has harvested his credentials. How does the cybercriminal know that it is about to happen? Because it is LIVE.
These types of scenarios show that cybercriminals have more access to information regarding dates and times to become more successful in their attacks towards high profile individuals and teams. This increased cyber risk is why additional investments are needed in cybersecurity today more than ever.
What Viewers Should Be Aware Of
Whether it is Microsoft Teams or any other online platform, it is important to understand the risk and have security of your accounts at least in the back of your mind when watching a sports game online or any other online form of entertainment.
- Check sender details including email addresses and domain names before proceeding.
- Do not click on any links within emails that look suspicious or that you otherwise do not recognize.
- Use MFA for your accounts as much as possible and ensure the apps you are using can be trusted.
- Look for clues. Attackers will often take advantage of certain events or situations to create spear phishing lures.
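
The sender, link and urgency checks from the list above can also be automated. The following is an added example, not GreatHorn's code or part of the original post; the brand-to-domain map, the keyword list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative brand -> legitimate domain map; maintain your own list.
BRAND_DOMAINS = {"twitch": {"twitch.tv"}, "microsoft": {"microsoft.com"}}
URGENCY = re.compile(r"\b(deactivat\w*|validat\w*|verify|urgent|immediately)\b", re.I)
URL_HOST = re.compile(r"https?://([^/\s:\"'>]+)", re.I)

def in_domains(host, allowed):
    """True only if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def review_email(raw):
    """Return a list of findings for one raw RFC 5322 message (plain-text body)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    body = msg.get_payload()
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        # Only check brands the message claims to come from.
        if brand not in (display + " " + subject).lower():
            continue
        if not in_domains(sender_domain, allowed):
            findings.append(f"sender-domain-mismatch:{brand}:{sender_domain}")
        for host in URL_HOST.findall(body):
            if not in_domains(host, allowed):
                findings.append(f"link-domain-mismatch:{brand}:{host.lower()}")
    if URGENCY.search(subject + " " + body):
        findings.append("urgency-language")
    return findings

# Constructed sample messages (not real traffic).
LURE = """From: Twitch Support <support@twitch-account-check.example>
Subject: Validate your account to avoid deactivation

Your account will be deactivated today. Validate it here:
https://twitch.tv.login-verify.example/validate
"""
BENIGN = """From: Twitch <no-reply@twitch.tv>
Subject: Your weekly stream summary

Your summary is ready: https://www.twitch.tv/dashboard
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, review_email(raw))
```

A finding is a prompt for closer inspection rather than proof of phishing, and an empty result does not make a message safe, since the From header itself can be forged.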
How GreatHorn Can Help
GreatHorn can help protect your organization from advanced email threats. With our free advanced threat assessment, GreatHorn can identify all current email threats that have bypassed your existing defenses to create additional risk to your organization.