Defend yourself against World Cup scams

As the world focuses on the soccer tournament in Brazil, attackers will ramp up efforts to exploit interest in the global sporting event.

The 2014 World Cup tournament has kicked off in Brazil. Soccer (or football anywhere outside of the United States) is the most popular sport in the world, and billions of people will be following the matches closely. While you're busy figuring out how to stream games to your work PC while appearing to be busy with an Excel spreadsheet, you should be aware that World Cup will also be a feeding frenzy of malware and phishing attacks. This shouldn't come as a surprise. Capitalizing on major news and current events is a common technique for cyber criminals. Millions of people sitting on the edge of their seats, waiting for any tidbits of information related to the World Cup tournament, are simply too big and too easy of a target to pass up.

Guillaume Lovet, senior manager of the FortiGuard Labs' Threat Response Team, shared his thoughts with me about the top four scams you should be on the lookout for as the World Cup gets underway.

Unsolicited emails

Think twice before opening an email proclaiming you the winner of a lottery for free World Cup tickets or offers to provide free access to stream games live over the Internet. If it sounds too good to be true, it is.

Lovet explained that clicking on links in those emails could take you to compromised or malicious websites that will download and install malware on your PC or device. It could be a keylogger, fake antivirus, botnet, or malware that opens up shop on your compromised PC and enables additional malicious tools to be installed and executed. What you can be sure it will not be is tickets to World Cup or a free service to view live games online.

Online retailers offering discounted tickets

If you're actually planning to make the trip to Brazil, and you're in the market for tickets to see a match, be careful. "If you discover an online store that's offering unbelievable specials for tickets, do some digging to make sure it's a legitimate store and not a false front that will disappear later that day along with your credit card information," says Lovet. "Even if they are legitimate, you'll want to make sure their site hasn't been unknowingly compromised by SQL injection or other server attacks."

Phishing and identity theft

One ploy to watch out for is fake messages that seem to be from a bank or PayPal. Attackers will send "notification" messages letting you know that your transaction--perhaps a very expensive transaction for tickets to a World Cup match--has been approved and is in progress. The email will contain links to view the details of the transaction or a link to cancel it. The links typically lead to very convincing spoofed sites that will require information like username, password, and account number--information attackers can use for identity theft, or to simply access and empty your bank account.

Unsecured Wi-Fi hotspots in Brazil

If you're lucky enough to be in Brazil for the big event, avoid public Wi-Fi hotspots. When you join a public Wi-Fi network, all of the other devices connected to that network can potentially intercept traffic to and from your PC. If you join an unsecured network, any attacker within range of it may be capturing your sensitive data. Many attackers will also set up rogue public Wi-Fi hotspots with the intent of luring users to connect so they can access their data and PCs.

Again, all of these attacks are common during any major event. Lovet offers this simple advice to help you avoid scams like these during World Cup and beyond:

  • Requests for password or credit card information should set off alarm bells. Double check before you comply.
  • Be very wary of links that either lead to applications or external Websites.
  • If you haven't entered a lottery, you can't win it.
  • Even when connecting to secure access points, be sure to check that your favorite websites rely on well secured HTTPS connections.

If you watch out for these scams and keep these tips in mind, your only concern will be whether or not your team makes it to the World Cup Final.

Join the CSO newsletter!

Error: Please check your email address.

Tags identity theftsecurityworld cupscamsphishing attack

More about ExcelPayPal

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts