Threat Intelligence Blog

Posted January 29, 2019

Super Bowl LIII is less than a week away, and with over 1 million visitors expected in the Atlanta metropolitan area, security teams are already in place. Over nine agencies are coordinating to provide security for the event, including the FBI, Atlanta PD, and MARTA police. The Atlanta Police Department has been preparing to protect the event since 2016. As with any large-scale event, there are both physical and cybersecurity risks of which attendees and executive security teams should be aware.

While physical risks are expected to be low – the Department of Homeland Security designated the event at Level One Special Event Assessment Rating – fans still need to be aware of potential security risks before, during, and after Super Bowl LIII. The intense amount of stimulation can lead to fans being less cautious about personal cybersecurity, exposing them to cyber risk. Our On-Demand Investigation & Analysis team advises that the preparations of on-site security are well prepared to handle physical threats; however, it is up to fans to remain vigilant to protect against cyber risk. Below are the most pressing cyber risks the LookingGlass team warns against.

Ticket Re-Selling

If you are still thinking about attending the Super Bowl, you may be wondering from which vendor you should purchase tickets. Confused by all the options? You aren’t alone. The NFL distributes tickets to the teams, leagues, and sponsors, who then resell to ticket brokers and fans. Due to the confusing ticket distribution scheme, many cyber criminals take advantage of the different distribution channels to create spoof services. Before heading to Super Bowl LIII, make sure to buy from licensed, reputable vendors. Fans should also be wary of any deals on lodging or travel received by email, as phishing attacks are amongst the most common attack vectors for events like the Super Bowl. LookingGlass recommends using mail spam filters and refraining from opening links and files from untrusted sources to help mitigate the risk of phishing and spear phishing emails.

Rogue Apps

While looking for game-day information, be sure to only use the official Super Bowl app, “Super Bowl LII – Fan Mobile Pass” developed by NFL Enterprises, LLC, and beware of any other so-called “official” apps. Unofficial apps are created to steal your personal information; especially credit card credentials. Keywords like “Super Bowl” and “NFL” are used in these rogue app titles to trick users into downloading. There is significant risk of rogue mobile apps, especially in the Android app market; LookingGlass recommends checking that the app developer is “NFL” in your app market.

Vulnerable On-Site Systems & Networks

While at Mercedes-Benz Stadium, fans should be hyper-aware of any transaction made on a Point-of-Sale (PoS) device, as the PoS system could be exposed to attack. Attendees should also be aware of any public or free wi-fi network; it is never safe to share Personally Identifiable Information over an unsecured network. If you really need internet service, consider using a VPN at the game to keep data secure. To keep yourself safe from data loss, be sure to password-protect any devices you plan on using, and any storage drives utilized to back up these devices should be encrypted. In case of loss or theft, these two simple steps can mitigate the effects of software that allows remote wipes of devices and storage drives. Also worth considering is enabling a tracking software that allows you to find a lost or stolen device and protect it remotely.

All in all, fans have little to worry about during Super Bowl LIII if they are already following basic cybersecurity rules. As always, LookingGlass recommends staying aware of your devices and their security as well as the environment around you. Most of the mentioned threats can be prevented through awareness and safe cyber practices. If you’d like more insights on physical events like the Super Bowl, contact us.


Additional Posts

2019 FS-ISAC Annual Summit

Please join us at the 2019 FS-ISAC Annual Summit, where LookingGlass CEO Chris Coleman will be ...

North Korea could accelerate commercial espionage to meet Kim’s economic deadline

North Korea-linked hackers have shown no limits in what they will target – from a Hollywood ...