As Brazil makes its final preparations to host the FIFA World Cup 2014, which will kick off on June 12, cybercriminals are building up their scamming campaigns aimed at soccer (aka football) fans. Kaspersky Lab has several tips for how to stay protected from World Cup-themed phishing schemes and malware and safely enjoy the biggest sporting event in the world.
Online fraudsters have been actively creating sophisticated websites imitating authentic domains of the World Cup, its sponsors, and partners – including well-known brands – trying to lure users to share their private data, such as usernames, passwords and credit card numbers.
Fabio Assolini, Kaspersky Lab’s Senior Security Researcher with its Global Research and Analysis Team, said, “We detect 50–60 new phishing domains every day in Brazil alone, and they are often highly sophisticated and very skillfully designed. In fact, for an ordinary user it’s far from easy to distinguish a fraudulent domain from a real one.”
Criminals also use legitimate SSL certificates to infect users’ computers with malware. In one scam, users in Brazil would receive a message telling them they had won a World Cup game ticket. If a user clicked on the link to print the ticket, it led to a digitally signed Trojan banker.
Some tips to stay secure against phishing schemes and malware that use a World Cup context to stage their attacks: always double-check the webpage before entering any credentials or confidential information. Phishing sites are deliberately designed to look authentic.
Although websites with the “https” prefix are more secure than those with “http”, this does not mean such websites can be fully trusted. Cybercriminals are successfully obtaining legitimate SSL certificates.
Generally, be wary of messages received from unknown senders. Specifically, avoid clicking on links in e-mails from sources users are not absolutely sure about, and do not download and open attachments received from untrusted sources.
Make sure to have up-to-date anti-malware protection installed that blacklists phishing websites.