With about 5 billion people, from all over the world, to watch the World Cup, the event is undoubtedly in the spotlight these weeks. As the teams progress in their quest to reach the final, fans become increasingly invested in their national team's success, with many placing bets or even traveling to Qatar to show their support in person.
But as the competition increases, it's important for fans to remain vigilant against the increased security risks posed by threat actors, who take advantage of the situation and "run" many phishing campaigns.
What is phishing?
Phishing is a type of cyberattack where fraudsters send messages pretending to be from a trustworthy person or company. Phishing emails are designed to manipulate a user into performing an action, such as downloading a malicious file, clicking on a suspicious link, or revealing sensitive information. The main way a phishing attack is delivered is through SMS, email, social media or other electronic means of communication.
In a phishing campaign, the emails the target receives will appear to come from a known contact or organization. Attackers often create fake websites that look like a trusted entity, such as the target's bank, workplace or university. Through these sites, attackers try to collect personal information, such as usernames and passwords or payment information.
In this case, many of the recent campaigns are related to selling last-minute tickets or announcing a sports bet win. These messages or websites usually include malicious links that, once clicked, deploy malware and infect the device or ask for credentials that hackers can then steal.
Scams related to the World Cup are on the rise
Avanan, εταιρεία της Check Point, έχει ήδη αναφέρει μια εισροή μηνυμάτων ηλεκτρονικού “ψαρέματος” που σχετίζονται με το Παγκόσμιο Κύπελλο, που έχει αναπτυχθεί σε διάφορες γλώσσες. Πολλές από τις απάτες που αναφέρθηκαν έχουν ως επίκεντρο τα αθλητικά στοιχήματα, προσπαθώντας να δελεάσουν τα θύματα να παραδώσουν τραπεζικά στοιχεία. Οι παρακάτω εικόνες παρουσιάζουν μερικά πρόσφατα παραδείγματα χάκερ που προσποιούνται ότι είναι νόμιμοι ιστότοποι στοιχημάτων.
In light of this recent wave of phishing scams, Check Point Software has provided three practical tips allowing fans to focus on the game:
- Be aware of imitation: Many scam sites will use a name domain similar to the brand they are trying to replicate, but with additional letters or misspellings. To make sure you're not handing over your bank details to fraudsters, pay attention to URLs to check for anything unusual or suspicious. By taking a minute to look for telltale signs that a website may be fraudulent, you can quickly determine its legitimacy.
- Never share your credentials: Credential theft is a common goal of phishing emails. Many people reuse the same usernames and passwords across different accounts, so stealing credentials for a single account is likely to give an attacker access to others. Not all attacks are direct either. Some phishing emails deliver malware, such as keyloggers or trojans, designed to track when you type passwords on your computer. Never tell anyone your password, and if an email sends you to a login page, visit the site directly and log in from there to protect yourself from similar phishing sites.
- Protect your mobile devices: With most of us now accessing our email from our phones, and with hackers now sending malicious text messages, it's important that our mobile devices are also protected against the newest threats. Once granted access, one A cybercriminal can steal an incalculable amount of information, and a breach can even compromise a victim's known contacts. As a result, it is important to use proactive mobile threat protection solutions that protect devices from advanced mobile threats.
Check Point has created a live cyber threat map themed around the World Cup. This details the volume of attacks, the top targeted countries and industries, and the most used types of malware in the last day. You can see the map here.
