If you receive any emails in the next two weeks touting great deals on Olympic gear, unaired footage of the ice-skating competitions, or official government communications related to the Pyeongchang Games, think before you click.

The messages might actually be coming from cybercriminals looking to steal personal identity information or credit card numbers.

Researchers at McAfee recently discovered a coordinated malware attack, dubbed Operation Gold Dragon, that targets groups and companies tied to the Olympics. And these same researchers say Olympic-themed phishing scams are a threat to ordinary people, too.

Like many big news events, the Olympics bring with them a spike in phishing activity, and this year’s games could be especially bad, says Ryan Sherstobitoff, a senior researcher at McAfee Advanced Threat Research.

“We’re seeing higher volumes of phishing emails than we have for previous events,” he says. “There’s a highly charged political situation surrounding the games; cybercriminals want to take advantage of that and ultimately monetize it.”

Why the Olympics?

Like any correspondence designed to attract attention, phishing emails are particularly effective when they’re timely. The more they’re connected to current events—the Super Bowl, Valentine’s Day, tax season—the more likely they are to be read.

According to Brendan Griffin, threat intelligence manager for the email security company PhishMe, cybercriminals often jump on breaking news events—even terrorist attacks and natural disasters.

more on scams

So this month their emails may well include limited-time offers for Olympic products or the promise of results for competitions that haven’t yet aired, says Stu Sjouwerman, founder and CEO of KnowBe4, a cybersecurity company that specializes in anti-phishing employee training. “It could be anything Olympics-related that would be interesting to a potential victim.”

Not long ago, cybercriminals had to craft these emails one by one, doing painstaking research to find the personal details needed to make the emails look real, Sjouwerman adds.

But now social media platforms provide them with plenty of personal data on potential victims, and software automates the composition process, sending out millions of highly customized emails and boosting their chances of a payoff.

The endgame remains the same: The emails are designed to coax victims into opening an attachment, which installs malware on a computer, or into clicking on a link to a fake website, where they may be asked for log-in credentials, a Social Security number, or a credit card number, potentially surrendering financial information or their online identity.

And given the two-year lead-up to the Pyeongchang Games, the criminals have had lots of time to create websites with details that make them look very official, Sjouwerman says. So you have to eye them very closely to spot signs of fraud.

How to Avoid Getting Scammed

So, given all of that, how do you avoid getting phished?

Here are some tips from digital security experts.

Think before you click. If something doesn’t seem right about an email, just delete it—ideally before you open it. You’re better off not taking the risk.

Examine the link. Before you click on a link, try hovering your mouse over it. This will reveal the full address, which can expose signs of fraud. A “.ru” on the end, for example, means the site was created in Russia; “.br” means Brazil.

If an Olympics-related URL spells Olympics with an “I” instead of a “Y,” stay away. And if you get an email advertising a great deal at a major retailer, open a window in your browser, search for the retailer’s web address, and compare it with the one in your email.

Don’t assume that a website is legitimate just because its URL starts with “https.” Criminals like to use encryption, too.

Don’t open the attachment. It may contain malware. And you should never type confidential information into a form attached to an email. The sender can potentially track the info you enter.

Guard your financial information. Be wary of emails asking for account numbers, credit card numbers, wire transfers, and failed transactions. There’s no reason to share such info via message or an unsecure site.

Turn on auto updates. This goes for your computer, smartphone, and tablets. Up-to-date security software goes a long way toward stopping malware.

Use security tools. Install an antivirus program on your device and keep it up to date. You can also use a website reputation rating tool, which comes in the form of a browser plugin, to warn you if you try to go to potentially dangerous websites. Cybersecurity companies such as McAfee and Norton offer them.

But keep in mind that these tools aren’t foolproof. Don’t let your guard down just because you use them, Sjouwerman says.

“If you’re counting on your spam filter and your AV program, then you have a false sense of security.”