Proofpoint: “66% of Paris 2024 Olympic Official Partners Vulnerable to Email Fraud”

According to cybersecurity firm Proofpoint, a whopping 66%, or two-thirds, of the official partners of the 2024 Paris Olympic Games are not proactive in implementing essential security policies to protect against domain spoofing.

Proofpoint pointed out that while people around the world who want to watch the Olympics are booking their tickets online, many organizations, including Olympic host governments (70%), major online ticket booking platforms (90%), and travel sites (40%), may not be able to proactively block fraudulent emails that could harm visitors.

Cybercriminals pick attendees of major sporting and cultural events as social engineering targets. When booking tickets to an event, attendees mainly use official partner companies’ platforms and travel booking sites. Proofpoint emphasized that official partner companies should be fully prepared by building an ecosystem to counter email fraud threats, which have emerged as a major security attack vector, in preparation for the Paris Olympics to be held on the 26th.

In recent years, Proofpoint has observed an increase in cybercriminals using tactics such as impersonating legitimate organizations to gain access to their targets rather than directly hacking and infiltrating the victim’s network and technology infrastructure. In response, Proofpoint has released an analysis of the adoption of the email authentication protocol DMARC (Domain-based Message Authentication, Reporting & Conformance) to assess the current security posture against email spoofing risks.

DMARC is an email authentication protocol designed to prevent domain abuse by cybercriminals, and offers three levels of security. ‘Monitor’ refers to the level where unauthenticated emails are allowed to go to the recipient’s inbox or other folders. ‘Quarantine’ refers to the level where unauthenticated emails are filtered out and sent to the trash or spam folder. Finally, ‘Reject’ refers to the highest level of protection where unauthenticated emails are blocked from reaching the recipient.
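The three levels correspond to the `p=none`, `p=quarantine` and `p=reject` policy tags of the DMARC specification (RFC 7489), published as a TXT record at `_dmarc.<domain>`. The following is an added example, not code from Proofpoint or from the original article: it classifies already-fetched TXT strings into those levels and flags the cases a simple "has a DMARC record" count misses (duplicate records, partial `pct`, weaker `sp` for subdomains). The function names and the `.example` domains are constructed for illustration, and no DNS lookup is performed.

```python
# Added example: classify DMARC TXT records into the article's three levels.
LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}
UNPROTECTED = {"level": "unprotected", "pct": 0, "subdomains": "unprotected"}

def parse_dmarc(txt):
    """Return the tags of one TXT string as a dict, or None if it is not DMARC."""
    tags, first = {}, None
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if not sep:
            continue  # empty or malformed fragment, e.g. after a trailing ';'
        name, value = name.strip().lower(), value.strip()
        if first is None:
            first = (name, value)
        tags.setdefault(name, value)
    # RFC 7489: the record must start with the version tag v=DMARC1.
    return tags if first == ("v", "DMARC1") else None

def classify(txt_records):
    """Map the TXT strings published at _dmarc.<domain> to a protection level."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if len(records) != 1:  # no record, or several: receivers apply no DMARC policy
        return dict(UNPROTECTED)
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in LEVELS:  # simplification: missing/invalid p counts as unprotected
        return dict(UNPROTECTED)
    pct = tags.get("pct", "100")  # share of failing mail the policy is applied to
    pct = int(pct) if pct.isdigit() and int(pct) <= 100 else 100
    sub = tags.get("sp", policy).lower()  # subdomain policy defaults to p
    return {"level": LEVELS[policy], "pct": pct,
            "subdomains": LEVELS.get(sub, LEVELS[policy])}

def reject_share(domains):
    """Percentage of domains whose organizational policy is 'reject'."""
    hits = sum(classify(txt)["level"] == "reject" for txt in domains.values())
    return round(100 * hits / len(domains))

# Constructed sample data (not real lookups): domain -> TXT strings at _dmarc.<domain>
SAMPLES = {
    "partner-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@partner-a.example"],
    "partner-b.example": ["v=DMARC1; p=none;"],
    "tickets.example": ["v=spf1 -all"],                         # no DMARC record
    "travel.example": ["v=DMARC1; p=reject; pct=20; sp=none"],  # partial reject
    "city.example": ["v=DMARC1; p=quarantine", "v=DMARC1; p=reject"],  # duplicates
}

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        print(domain, classify(txt))
    print("reject share:", reject_share(SAMPLES), "%")
```

A domain such as the constructed `travel.example` counts as ‘reject’ in a headline figure even though its policy covers only part of the failing mail and leaves subdomains at the monitor level, which is why `pct` and `sp` are reported alongside the level.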

“As we approach the opening of the Paris Olympics, we are concerned that many official partners are not implementing email security measures,” said Loic Guejo, Proofpoint’s director of cybersecurity strategy. “DMARC is an easy-to-implement and highly effective way to protect domain names and prevent email fraud such as domain spoofing. If companies do not take action, there is a risk that cyberattacks will surge like never before.”

Proofpoint analyzed a total of 143 domains that make up the Paris Olympic ecosystem.

  • Of the 77 official partner companies of the 2024 Paris Olympic Games, only 26 (34%) actively protect their domain names by applying the highest DMARC level, ‘reject’. This means that 66%, or two-thirds of the official partner companies, are exposed to the risk of email fraud.
  • Only six of the 20 Olympic host cities (30%) actively protect the domain names of their official websites by applying the highest DMARC level, ‘reject’.
  • An analysis of 10 ticket resale platforms found that only one (10%) used a ‘reject’ mode.
  • Analysis of 10 travel platforms showed that they had the highest level of defense against domain spoofing risk. Six sites (60%) actively protected their domain names by applying ‘reject’ mode, and 90% had implemented a basic DMARC record.

Proofpoint’s DMARC adoption analysis of official partners of the Paris 2024 Olympic Games, conducted in March, examined each company’s main domain as listed on the official Olympic website. Proofpoint also analyzed the DMARC status of local organizations hosting Olympic events in France, the top 10 ticketing sites, and the top 10 travel sites.

Proofpoint suggests following security guidelines to avoid falling for email scams, such as:

  • being wary of unsolicited emails, texts, or phone calls, especially if they emphasize “urgent” or request payment;
  • checking directly with your financial institution if you receive a request for financial information via email or text; and
  • setting a different password for each online account you use and enabling MFA (multi-factor authentication).

Source: www.itworld.co.kr