Kaspersky Lab: As Brazil prepares to host the FIFA 2014 World Cup, which will start on June 12, digital criminals "set up" their campaigns to cheat fans. Kaspersky Lab wants to share with users some tips on how to protect themselves against phishing and malware attacks on the World Cup in order to safely enjoy the biggest sporting event in the world.
Digital fraudsters are constantly creating websites that mimic the original World Cup domains, sponsors and associates - including well-known brands - to mislead users and extract personal data such as username, password, and credit card numbers .
Ο Fabio Assolini, Senior Security Researcher of Kaspersky Lab's Global Research and Analysis team, noted: "Only in Brazil, we detect 50-60 new domains every day. These sites are often highly advanced and crafted. In fact, it's not easy for a simple user to distinguish a fake domain from an authentic one. "
Some phishing websites seem safe. For example, their URLs can start with "https" (where "s" means "secure"), as digital criminals are able to buy valid SSL certificates from the certification authorities. Phishing domains also sometimes have mobile versions, with looks that look authentic, targeting smartphones and tablets.
Criminals legitimately use SSL certificates and "infect" computer users with malicious software. In a specific scam, users from Brazil received a message informing them that they had won a World Cup match ticket. If the user clicked on the link to print the ticket, they would be guided to one banking Trojan.
In another attack, an apparently infringed database of customer data was used. The scammers sent personalized emails, informing the recipients that they had won a World Cup ticket. The messages contained the full name of the recipient, the date of birth and the full address - information that the fraudsters obtained from an unknown database. These messages included a PDF attachment that was supposed to be the ticket they had won. In fact, it was another banker Trojan.
Digital crime that exploits the huge public interest in the World Cup is not limited to Brazil - it is a global phenomenon. However, it is not new: Kaspersky Lab specialists they said and other World Cup spam campaigns and messages used in Nigerian scam attacks since February.
Here are some useful tips from Kaspersky Lab to protect users from phishing and malware attacks that draw on their World Cup themes:
- Always scrutinize a website before importing information or confidential information. Phishing pages are deliberately designed to look authentic.
- Although webpages whose address starts with "https" are safer than those starting with "http", that does not mean that one can trust them completely. Digital criminals can legitimately obtain SSL certificates.
- Generally, be careful with the messages you receive from unknown senders. Specifically, avoid clicking on links in emails that come from sources for which you are not entirely sure. Also, do not download and do not open attachments from unreliable sources.
- Make sure you have up-to-date anti-malware protection that blocks phishing websites.
More information on World Cup-related phishing and malware scams is available on Fabio Assolini's blogpost.