Gadget

Phishers target World Cup

Kaspersky Labs has outlined some tips to help users protect themselves from cyber criminals that are using the upcoming World Cup as a means to gain confidential information.

As Brazil makes its final preparations to host the FIFA World Cup 2014, which will kick off on the 12th June, cyber criminals are building up their scamming campaigns aimed at soccer (aka football) fans. Kaspersky Lab has several tips for how to stay protected from World Cup-themed phishing schemes and malware, to safely enjoy the biggest sporting event in the world.

Online fraudsters have been actively creating sophisticated websites imitating authentic domains of the World Cup, its sponsors, and partners – including well-known brands – trying to lure users to share their private data, such as usernames, passwords and credit card numbers.

Fabio Assolini, Kaspersky Lab’s Senior Security Researcher with its Global Research and Analysis Team, said: “We detect 50-60 new phishing domains every day in Brazil alone, and they are often highly sophisticated and very skilfully designed. In fact, for an ordinary user it’s far from easy to distinguish a fraudulent domain from a real one.

Some phishing websites appear to be safe. For example, their URLs may start with ‚Äòhttps’, where the ‚Äòs’ stands for ‚Äòsecure’, as the cyber criminals manage to purchase valid SSL certificates from certification authorities. Phishing domains also sometimes have mobile versions with an authentic look and feel aimed at users of smartphones and tablets.

Criminals use legitimate SSL certificates also to infect users’ computers with malware. In one scam, users in Brazil would receive a message telling them they had won a World Cup game ticket. If a user clicked on the link to print the ticket, it led to a digitally signed Trojan banker.

Another attack used an apparent customer database breach. Scammers would send personalised e-mails informing recipients that they had won a World Cup ticket. The messages – which included the full name of the recipient, his or her date of birth, and full address taken from an unknown database – had a PDF attached purporting to be a winning ticket, but which was in fact also a Trojan banker.

Cybercrime leveraging the huge interest in the World Cup is not limited to Brazil: it’s global. It’s also not so new: Kaspersky Lab’s experts were reporting on other World Cup-themed spam and Nigerian letter scam campaigns back in February.

Here are some tips to stay secure against phishing schemes and malware that use a World Cup context to stage their attacks:

* Follow Gadget on Twitter on @GadgetZA

Exit mobile version