As Brazil makes its final preparations to host the FIFA World Cup 2014, which will kick off on June 12, cybercriminals are building up scam campaigns aimed at soccer fans. Kaspersky Lab has several tips for staying protected from World Cup-themed phishing schemes and malware, so that fans can stay out of harm’s way and enjoy the biggest sporting event in the world.
Online fraudsters have been actively creating sophisticated websites replicating authentic domains of the World Cup, its sponsors, and partners – including well-known brands – trying to lure users to share their private data, such as usernames, passwords and credit card numbers.
Fabio Assolini, Senior Security Researcher with Kaspersky Lab’s Global Research and Analysis Team, said: “We detect 50-60 new phishing domains every day in Brazil alone, and they are often highly sophisticated and very skillfully designed. In fact, for an ordinary user it’s far from easy to distinguish a fraudulent domain from a real one.”
Certain phishing websites appear to be safe. For instance, their URLs may start with ‘https’, where the ‘s’ stands for ‘secure’, because the cybercriminals manage to purchase valid SSL certificates from certification authorities. Phishing domains also occasionally have mobile versions with an authentic look and feel, aimed at users of smartphones and tablets.
Criminals also make use of legitimate SSL certificates to infect users’ computers with malware. In one scam, users in Brazil would receive a message telling them they had won a World Cup game ticket. If a user clicked on the link to print the ticket, it led to a digitally signed Trojan banker.
Another attack used an apparent customer database breach. Scammers would send personalized e-mails informing recipients that they had won a World Cup ticket. The messages – which included the full name of the recipient, his or her date of birth, and full address taken from an unknown database – had a PDF attached purporting to be a winning ticket, but which was in fact also a Trojan banker.
Cybercrime leveraging the enormous interest in the World Cup is not restricted to Brazil; it’s global. It’s also not new: Kaspersky Lab’s experts were reporting on other World Cup-themed spam as well as Nigerian letter scam campaigns back in February.
Here are some tips for staying secure against phishing schemes and malware that use a World Cup context to stage their attacks:
- Always double-check the webpage before entering any of your credentials or confidential information. Phishing sites are purposefully designed to look authentic.
- Websites with the ‘https’ prefix are more secure than those with ‘http’, but this does not mean that such websites can be fully trusted. Cybercriminals are successfully obtaining legitimate SSL certificates.
- Be wary of messages you receive from unknown senders. In particular, avoid clicking on links in e-mails from sources you are not absolutely sure about, and do not download and open attachments received from untrusted sources.
- Ensure that you have up-to-date anti-malware protection installed that blacklists phishing websites.