Kaspersky Lab: As Brazil prepares to host the 2014 FIFA World Cup, which kicks off on June 12, digital criminals are setting up their campaigns to trick fans. Kaspersky Lab wants to share with users some tips για το πώς θα προστατευτούν απέναντι στις επιθέσεις phishing και malware με theme the World Cup, to safely enjoy the biggest sporting event in the world.
Digital fraudsters are constantly creating websites that mimic the original World Cup domains, sponsors and associates - including well-known brands - to mislead users and extract personal data such as username, password, and credit card numbers .
Ο Fabio Assolini, Senior Security Researcher of Kaspersky Lab's Global Research and Analysis team, noted: "Only in Brazil, we detect 50-60 new domains every day. These sites are often highly advanced and crafted. In fact, it's not easy for a simple user to distinguish a fake domain from an authentic one. "
Some phishing websites seem safe. For example, their URLs can start with "https" (where "s" means "secure"), as digital criminals are able to buy valid SSL certificates from the certification authorities. Phishing domains also sometimes have mobile versions, with looks that look authentic, targeting smartphones and tablets.
Criminals legitimately use SSL certificates and "infect" computer users with malicious software. In a specific scam, users from Brazil received a message informing them that they had won a World Cup match ticket. If the user clicked on the link to print the ticket, they would be guided to one banking Trojan.
In another attack, an apparently compromised database of customer details was used. Scammers sent personalized e-mails, informing recipients that they had won a ticket to the World Cup. The messages stated the full name recipient's date of birth and full address – information the fraudsters obtained from an unknown database. These messages included a PDF attachment that purported to be the ticket the users had won. In reality, it was yet another banking Trojan.
Digital crime that exploits the huge public interest in the World Cup is not limited to Brazil - it is a global phenomenon. However, it is not new: Kaspersky Lab specialists they said and other World Cup spam campaigns and messages used in Nigerian scam attacks since February.
Here are some useful tips from Kaspersky Lab to protect users from phishing and malware attacks that draw on their World Cup themes:
- Always scrutinize a website before importing information or confidential information. Phishing pages are deliberately designed to look authentic.
- Although the websites whose address beginning with "https" are more secure than those beginning with "http", this does not mean that one can fully trust them. Cybercriminals can obtain legitimate SSL certificates.
- Generally, be careful with the messages you receive from unknown senders. Specifically, avoid clicking on links in emails that come from sources for which you are not entirely sure. Also, do not download and do not open attachments from unreliable sources.
- Make sure you have up-to-date anti-malware protection that blocks phishing websites.
More information on World Cup-related phishing and malware scams is available on Fabio Assolini's blogpost.