Requests for password or credit card information should set off alarm bells
Be very wary of links that either lead to applications or external websites
WITH the opening of the 2014 FIFA World Cup a mere days away, Fortinet’s FortiGuard team is warning Internet users against an onslaught of Internet scams and attacks from the global cybercriminal community in the coming days and weeks.
The world’s biggest sporting event – FIFA estimates a viewership of around 3.2 billion people for the 64 matches – kicks off on June 12 with host Brazil playing Croatia. The final in Rio de Janeiro in mid-July is expected to pull in 1.3 billion viewers.
Many are expected to follow the World Cup via a variety of devices and the Internet, and most conversations online and off from June to July will be about the tournament.
It is important for football fans to remember a few tips to avoid unpleasant surprises:
Spam email targeted at Internet users announcing that they are the lucky winners of a lottery for two tickets for the final of the World Cup, or they can access websites to watch the matches live.
While it is very tempting to a fan to click on an email link that says: “You’ve won 2 tickets for the final of the World Cup,” be careful! By clicking on that link, you could be taken to a compromised website that downloads malware onto your computer.
That malware could be used as a key logger on your computer to retrieve all your personal information such as your passwords or other credentials, or download additional malware, such as fake antivirus applications, or simply turn your computer into a spam generator.
Spammers and scammers love this kind of event because they know, during the duration of the World Cup, all football fans will be using the Internet looking for attractive offers.
Online retailers offering discounted tickets
If you discover an online store that’s offering unbelievable specials for tickets, do some digging to make sure it’s a legitimate store and not a false front that will disappear later that day along with your credit card information.
Even if they are legitimate, you’ll want to make sure their site hasn’t been unknowingly compromised by SQL injection or other server attacks.
Compromised websites won’t always redirect you to a malicious site, but often will phish or try to surreptitiously install other forms of malware on your computer, such as trojans, bots, key loggers and rootkits, all of which are designed to harm systems and steal personal information.
Similarly, avoid believing marketplace websites such as eBay or others offering tickets at low prices for the event.
One must be suspicious of deals that appear to be too good to be true during this hot event period, as the good deals are often pure fraud.
Phishing and identity theft
Users may receive an email from their bank and/ or PayPal highlighting that a payment for the purchase of two footballs tickets is in progress while the Internet user has in fact not made any purchase.
To cancel the transaction, the Internet user must click on the link where it will be asked to complete a form with its bank login details.
Users should not reply and keep in mind that their bank would never ask for their banking ID by email. If they give away their banking credentials, their account could be completely emptied by scammers.
This technique, called phishing, is also used by scammers to acquire other sensitive information like social security numbers. This scam can quickly become a major issue that affects more people than just the victim: damage can snowball when stolen credentials are used in second-stage attacks.
Unsecured WiFi hotspots in Brazil
While the Brazilian Government is strengthening safety for the World Cup, fans who go to Brazil must remain vigilant. Those who do not have a chance to watch the matches at the stadium will use the Internet to view the results in real time, by connecting to WiFi hotspots at hotels, bars.
Do not connect to an unknown unsecure hotspot. An unsecure hotspot allows hackers to capture any and all data that’s flowing from the hotspot, enabling them to intercept logins and passwords, email messages, attached documents and other personal and confidential information.
All of these types of scams are flooding the Web and even well-informed Internet users could be trapped.
So, here are some basic but important tips to avoid losing key personal information or money:
Requests for password or credit card information should set off alarm bells, double check before you comply;
Be very wary of links that either lead to applications or external websites;
Believe the popular saying: “If it's too good to be true, then it probably is”;
If you haven't entered a lottery, you can't win it.
By connecting even to secure access points, check that the connections to your favourite websites are well secured HTTPS connections.
Guillaume Lovet is senior manager, FortiGuard Labs' Threat Response Team, Fortinet
Are Malaysian business networks ready for the World Cup?
Phishers and scammers targeting the World Cup: Kaspersky
Goal.com scores with mobility moves ahead of World Cup
A potential disruptor to live broadcasting
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.