Super Bowl Cybercrime

Super Bowl 50 is coming to my hometown and, along with it, over a million devoted fans who’ll pack events, concerts and restaurants from San Francisco to Santa Clara. That week they, along with fellow fans across the nation, will go nuts for anything related to the ultimate football showdown. They’ll don team t-shirts and hats, stick bumper stickers and flags on their cars, they’ll even paint their faces, chests and bellies team colors to prove their dedication.

Now, I’ll admit I don’t know much about football, but I do know how all of this exuberance makes fans easy targets for cyber criminals. There are all kinds of football-related sites and apps out there to keep fans informed and entertained and tons of venues with open Wi-Fi access that make getting Internet access a breeze.

But, how do you know which ones you can trust?

Cyber criminals can turn the apps you know and love into tiny Trojans capable of stealing your sensitive data like email, instant messages, contacts, calendar appointments and even your photos and documents. Or worse, they could connect to your mobile device and control it remotely without your knowledge.

One way they do this is by taking popular trusted apps like Facebook or even mobile banking apps and injecting them with malicious lines of code (malware). With these infected apps ready to go, cyber criminals can easily trick you into installing them.

If you’ve received a link to a random Super Bowl app or site in an SMS or email messages, there’s a good chance it’s from someone preying on your love of the game. Or, they’ll target visiting fans with links to local offers and discounts that, when clicked, download malware that could trigger a digital nightmare.

The bait doesn’t end there, though.

Clever cybercriminals also use social networks to lure you in. In fact, scientists took a sampling of Super Bowl 49 tweets from last year and found tons of malicious URLs that infected devices right away. And since these URLs are usually shortened, it’s next to impossible to know which ones are legitimate and which ones aren’t.

Making matters worse, it’s pretty easy to set up fake Wi-Fi hotspots that look real enough to trust. With these rogue hotspots, cyber criminals can capture or even change data as it travels to and from a mobile device. Everything on your phone – photos, emails, contacts, even credit card information – could be accessible and vulnerable for cybercriminals to exploit.

That’s some pretty scary stuff, so what can you do to protect yourself?

The truth is plenty! Most cyberattacks can be thwarted by using your own good, common sense. Here are some tips to help keep you safe before and after kickoff:

  • Only download apps from official marketplaces like Google Play and the Apple App Store. If you do tap a link to a malicious download, cancel it.
  • Don’t root or jailbreak your Android or iOS device. Opening up root access can allow cybercriminals to bypass built-in security features that keep you safe.
  • Keep your Wi-Fi radio turned off if you don’t need it, or make sure it’s not set to connect to Wi-Fi hotspots automatically without your authorization.
  • Verify that the Wi-Fi hotspot you’re going to use is legit. It only takes a few seconds to ask a barista, and it only takes criminals a few seconds to steal your data.
  • Enable remote lock and find features like Android Device Manager or Apple’s Find My Phone. If your device is lost or stolen, lock it remotely, or even wipe it clean.

Jeff Zacuto is a San Franciscan, gadget geek, and senior mobile security marketer at Check Point Software Technologies. His 15 years of experience with mobile technology, security and compliance gives him a unique perspective on the needs and expectations of IT and security professionals, end users and corporate executives.