Kaspersky Lab: As Brazil prepares to host the 2014 FIFA World Cup, which kicks off on June 12, digital criminals are setting up their campaigns to trick fans. Kaspersky Lab wants to share with them users κάποιες συμβουλές για το πώς θα προστατευτούν απέναντι στις phishing attacks and World Cup themed malware to safely enjoy the biggest sporting event in the world.
Digital fraudsters are constantly creating websites imitating the authentic domains of the World Cup, its sponsors and partners – including well-known brands – in order to mislead users and extract their personal data, such as username, Password and credit card numbers.
Ο Fabio Assolini, Senior Security Researcher of Kaspersky Lab's Global Research and Analysis team, noted: "Only in Brazil, we detect 50-60 new domains every day. These sites are often highly advanced and crafted. In fact, it's not easy for a simple user to distinguish a fake domain from an authentic one. "
Some phishing websites look safe. For example, their URLs may start with “https” (where the “s” stands for “secure”), as digital criminals manage to purchase valid SSL certificates from certification authorities. Phishing domains also sometimes have mobile versions, with appearance that looks authentic, targeting smartphone and tablet users.
Criminals also use legitimate SSL certificates to "infect" users' computers with malware. In one particular scam, users from Brazil were getting one message, which "informed" them that they had won a ticket to a World Cup match. If the user "clicked" on the link to print the ticket, they would be taken to one banking Trojan.
In another attack, an apparently infringed database of customer data was used. The scammers sent personalized emails, informing the recipients that they had won a World Cup ticket. The messages contained the full name of the recipient, the date of birth and the full address - information that the fraudsters obtained from an unknown database. These messages included a PDF attachment that was supposed to be the ticket they had won. In fact, it was another banker Trojan.
Digital crime that exploits the huge public interest in the World Cup is not limited to Brazil - it is a global phenomenon. However, it is not new: Kaspersky Lab specialists they said and other World Cup spam campaigns and messages used in Nigerian scam attacks since February.
Here are some useful tips from Kaspersky Lab to protect users from phishing and malware attacks that draw on their World Cup themes:
- Always scrutinize a website before importing information or confidential information. Phishing pages are deliberately designed to look authentic.
- Although webpages whose address starts with "https" are safer than those starting with "http", that does not mean that one can trust them completely. Digital criminals can legitimately obtain SSL certificates.
- Generally, be careful with the messages you receive from unknown senders. Specifically, avoid clicking on links in emails that come from sources for which you are not entirely sure. Also, do not download and do not open attachments from unreliable sources.
- Make sure you have up-to-date anti-malware protection that blocks phishing websites.
More information on World Cup-related phishing and malware scams is available on Fabio Assolini's blogpost.
