With the World Cup in Brazil poised to begin, the whole world is watching – and that includes cybercriminals.
ESET is following a wave of phishing campaigns, fake “prize draws” and other classic fraud tactics – and the hacks have extended far beyond the boundaries of Brazil itself, as this story about England players’ details leaking on Twitter illustrates.
But just as there are tried-and-tested tactics to help a team fight its way through the World Cup, there are a few neat dodges in information security which will help you steer clear of World Cup scams.
Understand your opponent
Most of the early phishing campaigns targeting the World Cup offered the same thing – the chance to attend games. It’s a classic phishing scam: take advantage of the buzz. For cybercriminals the sheer size of the World Cup event, and the number of users interested, is an irresistible lure. No doubt World Cup scams will continue right through the competition – ranging from unbelievable deals on new televisions, to raffles for tickets spread via fake sites, fake links on social sites, and of course, fake “new friends” on such sites.
Look at the current state of play and ensure there’s the biggest possible number of defenders between the goal (your private data) and the opponent (cybercrime gangs). Tempting offers such as cheap LCD televisions or sweepstakes offering flights and accommodation for the full event will be among the tricks deployed by your opponent – but behind each tempting offer could lurk a fraudulent website. At that point, if you click, it’s like putting your opponent face-to-face with your keeper – the full responsibility for keeping your PC safe falls on just a few factors: your settings and your antivirus software.
Don’t pass too openly
Just as a team can leave itself open to attack, you have to change your tactics online to ensure your personal information remains safe. Treat any World Cup-related site with suspicion – particularly ones that ask for personal information. Even sites which are not asking for card/banking details can still be scams – be extra cautious about everything from your home address to your email, as these can be the building blocks for identity theft attacks.
Don’t trust rumors
When you see a truly unbelievable World Cup news story spreading, don’t click – it’s probably unbelievable because it’s untrue. ESET has seen World Cup scams circulating on networks such as Facebook, relating to everything from player injuries to intimate videos of players with their other halves. False news stories are a classic cybercriminal tactic – and when the world is watching one big story, you can bet that fake news links will spread on social networks, leading unwary web users to fraudulent surveys – or worse, sites infected with malware.
When the game’s over, the game’s over
Be very, very wary of any site that’s not FIFA’s official website for last-minute tickets – not only are there scam sites aplenty, there are touts and other scam merchants offering World Cup tickets (which might well be fake) at exorbitant prices. FIFA’s own warnings about World Cup ticket scams offer a sensible way to cool off your desire – there’s often no such thing as a “dream ticket”, just an awful lot of scams.
Listen to the team captain
When you’re browsing for World Cup news, don’t blindly follow the first link you see – go to a news site you trust and start from there, or download one of the official news site apps (or FIFA’s own) to stay up to date with the latest results. If it’s a news site you’ve never heard of before, odds are there’s a very good reason for that – it isn’t a news site, it’s a scam.
by Gastón Charkiewicz, ESET