
Eurovision 2023 is coming back on May 9, hosted in Liverpool on behalf of Ukraine. Viewers around the world are excited to see these year’s acts – while cybercriminals are eager to make some cash.
From malware and phishing to data handling concerns – it seems like this year’s song contest will attract them all.
Already in May 2022, a pro-Russian hacker group was caught discussing a cyberattack against Eurovision to hinder Ukraine's chances in the song contest.
"You can't vote online. Perhaps our DDoS attack is to blame for everything," said a message on the group's official Telegram channel.
Italy, however, announced that it had successfully blocked distributed denial-of-service (DDoS) attacks during the event.
The announcement made the attackers even angrier, prompting a Russia-affiliated group Killnet to declare “war on ten countries and the Italian police.”
This year around, hackers are not stopping, attempting to infiltrate the Eurovision space from every possible point of entry and exploiting multiple attack vectors.
Fraud attempts: phishing, malware and fake invoices
The North West Cyber Resilience Centre (NWCRC) has warned organizations to stay vigilant ahead of the grand musical event in Liverpool. It has advised numerous companies dealing with new suppliers and customers throughout the supply chain to be on alert for fraud attempts.
Head of Cyber and Innovation at the NWCRC DI Dan Giannasi said: “We are asking all businesses across the North West, but particularly Merseyside, to be vigilant against potential cyber crime in the run up to the Eurovision Song Contest in May. Protecting your organization is critical for businesses involved in the event but also the wider business community across the region.”
Giannasi warned of an increased number of phishing scams, with fraudsters attempting to get personal information and take payment while impersonating businesses.
“Email, SMS or WhatsApp are the main threats to be wary of, especially as this is a gateway to other further attempts of cybercrime,” the NWCRC stated.
Receivers should be careful and check all information, paying specific attention to unusual email addresses, wrong URLs, and bad spelling.
However, customers can’t be fully in charge in regards to how their data is handled. Back in March, Booking.com confirmed that "some accommodation partners [who offered rooms to Eurovision fans in May] had been targeted by phishing emails.”
It is understood that some businesses had "accidentally compromised their own internal systems by clicking on links contained in these messages".
Although no data breach was confirmed, a number of Eurovision fans reported almost falling for scams relating to accommodation booked for Eurovision in May. Some of those who found where to stay through the travel site received calls from people claiming the payment didn’t go through.
"Hotels will very rarely contact you on WhatsApp," chief executive Kate Nicholls at UKHospitality, which represents more than 700 companies, said. "For the first time you've got lots of young people in particular who won't be usually booking and travelling to these events and [scammers] are exploiting those people who are vulnerable.”
Booking.com has reiterated that a customer would never be required to provide credit card details by phone, text message or email.
Companies will also likely be dealing with fake invoices around the time of the event, the agency warned. These would be “either purporting to be from a real business, or simply an opportunist fake invoice, in the hope that it won’t be checked out and paid”.
In order to mitigate these threats, companies are strongly advised to update all of their software, ensure their firewalls and virus protection is up-to-date and switch on two-factor authentication wherever possible.
Small businesses that lack cybersecurity infrastructure may be especially vulnerable during this time. That’s why it’s crucial to educate all staff about the matter prior to the event.
“Fraudsters will be relying on businesses dealing with unfamiliar suppliers and customers and looking for any opportunity to take advantage of a situation,” Katie Gallagher, founder of the NWCRC and MD of Manchester Digital, said.
All eyes are on TikTok
Security challenges are not always as visible and straightforward as potential cyberattacks – sometimes, the handling of data may represent a much wider national security concern.
TikTok has officially been announced as Eurovision’s entertainment partner for a second year. This comes amid mounting security worries surrounding the platform.
The European Broadcasting Union (EBU) announced TikTok as a select partner able to livestream Eurovision and release exclusive performances, as well as behind-the-scenes content.
“Millions of new Eurovision Song Contest fans discovered the event through TikTok last year and we know millions more will be excited by this year’s extra special event in Liverpool,” said Martin Osterdahl, the EBU’s executive supervisor for Eurovision.
TikTok, which is owned by Chinese internet company ByteDance, boasts 1.534 billion users worldwide, out of which one billion are monthly active users. This includes 150 million users in the US.
The Biden Administration, along with lawmakers on both sides of the House and Senate, expressed concerns over the potential access Chinese authorities might have to user data, representing a potential national security risk.
China’s national security law requires companies to hand over customer data upon the government’s request.
In response, Beijing threatened that Chinese investors would consider pulling investment from the US in case the country attempts to buy TikTok out.
The UK, along with a comprehensive number of other countries, has banned TikTok from official devices and barred it across the Palace of Westminster. The European Commission has followed the example and banned staff from using the Chinese social media app TikTok over security concerns.
In 2022, TikTok admitted that company staff located across the world can access certain European user data. However, the firm assures that it’s implementing a comprehensive plan to further protect European user data.
Yet, not everyone seems convinced: BBC, which is organizing this year’s Eurovision as national broadcaster, ordered employees to remove TikTok from their work phones. It added that BBC “takes the safety and security of our systems, data and people incredibly seriously.”
It seems like this year’s Eurovision is the one to watch out for: not only in terms of upcoming performances but also crooks lurking around in search of easy targets.
Your email address will not be published. Required fields are markedmarked