The 2014 World Cup tournament has kicked off in Brazil. Soccer (or football anywhere outside of the United States) is the most popular sport in the world, and billions of people will be following the matches closely. While you're busy figuring out how to stream games to your work PC while appearing to be busy with an Excel spreadsheet, you should be aware that World Cup will also be a feeding frenzy of malware and phishing attacks. This shouldn't come as a surprise. Capitalizing on major news and current events is a common technique for cyber criminals. Millions of people sitting on the edge of their seats, waiting for any tidbits of information related to the World Cup tournament, are simply too big and too easy of a target to pass up.
Guillaume Lovet, senior manager of the FortiGuard Labs' Threat Response Team, shared his thoughts with me about the top four scams you should be on the lookout for as the World Cup gets underway.
Think twice before opening an email proclaiming you the winner of a lottery for free World Cup tickets or offers to provide free access to stream games live over the Internet. If it sounds too good to be true, it is.
Lovet explained that clicking on links in those emails could take you to compromised or malicious websites that will download and install malware on your PC or device. It could be a keylogger, fake antivirus, botnet, or malware that opens up shop on your compromised PC and enables additional malicious tools to be installed and executed. What you can be sure it will not be is tickets to World Cup or a free service to view live games online.
Online retailers offering discounted tickets
If you're actually planning to make the trip to Brazil, and you're in the market for tickets to see a match, be careful. "If you discover an online store that's offering unbelievable specials for tickets, do some digging to make sure it's a legitimate store and not a false front that will disappear later that day along with your credit card information," says Lovet. "Even if they are legitimate, you'll want to make sure their site hasn't been unknowingly compromised by SQL injection or other server attacks."
Phishing and identity theft
One ploy to watch out for is fake messages that seem to be from a bank or PayPal. Attackers will send "notification" messages letting you know that your transaction--perhaps a very expensive transaction for tickets to a World Cup match--has been approved and is in progress. The email will contain links to view the details of the transaction or a link to cancel it. The links typically lead to very convincing spoofed sites that will require information like username, password, and account number--information attackers can use for identity theft, or to simply access and empty your bank account.
Unsecured Wi-Fi hotspots in Brazil
If you're lucky enough to be in Brazil for the big event, avoid public Wi-Fi hotspots. When you join a public Wi-Fi network, all of the other devices connected to that network can potentially intercept traffic to and from your PC. If you join an unsecured network, any attacker within range of it may be capturing your sensitive data. Many attackers will also set up rogue public Wi-Fi hotspots with the intent of luring users to connect so they can access their data and PCs.
Again, all of these attacks are common during any major event. Lovet offers this simple advice to help you avoid scams like these during World Cup and beyond:
- Requests for password or credit card information should set off alarm bells. Double check before you comply.
- Be very wary of links that either lead to applications or external Websites.
- If you haven't entered a lottery, you can't win it.
- Even when connecting to secure access points, be sure to check that your favorite websites rely on well secured HTTPS connections.
If you watch out for these scams and keep these tips in mind, your only concern will be whether or not your team makes it to the World Cup Final.