Will Your Defense Conquer World Cup Malware?

Don’t let cybercriminals score. Beat their game-plan. 

Cybercriminals typically take advantage of the huge public interest in major international events. The FIFA World Cup 2018 that begins shortly in Russia is no exception and cybercriminals have been busy exploiting the excitement about the world’s biggest sporting event. The numbers are staggering. FIFA estimated that 715.1 million people watched the final match of the 2006 FIFA World Cup held in Germany and the 2010 event in South Africa was broadcast to 204 countries on 245 different channels. We can assume that this year’s numbers will exceed these.

Consequently there are vast numbers of people that can be targeted by unscrupulous scammers, so the risks to internet and data security will spike during the month-long footballing extravaganza. Part of taking necessary precautions is knowing what motivates cybercriminals, understanding what they do, and being aware of their activities. This blog post gives you the low-down on what they’re up to and what to avoid to defend yourself against online fraud and disruption.

Understanding hackers’ mentality in trending events

First of all, we have to try to understand the mentality of cybercriminals in order to identify how they are going to try to trick people. Their aim is to exploit people’s interest. So, an event like the World Cup that attracts so many people, is fertile ground for online fraud, and they will use a variety of tactics to snare unsuspecting internet users: from fake accommodation bookings to fake match tickets; from cheap travel offers to prize draws. The World Cup is typical of any event or phenomenon that generates hype:  new music, games, or movie releases, new product launches and the like. Anything that interests millions of people is a legitimate target for scammers.

What has happened before? Examples from Euro 2016

We can confidently predict that we will experience this type of activity during this World Cup because every football event of this magnitude has been a potential focus of malicious activity.

For example, before and during UEFA Euro 2016 there was a rise in the incidence of phishing emails disguised as an official source and claiming that the user had won £760,000 in a UEFA Euro 2016 online e-draw. Obviously, this email was not from UEFA and the user didn’t win any money. This email was a scam designed to trick the target into sending money and personal information to cybercriminals.

 

Another similar type of scam that we saw during UEFA Euro 2016 was that users received a mail that attached a malicious archive and contained malware. The topic of the email was the same as we mentioned before, stating that the targeted user had won a lottery and needed to give personal information to the cybercriminals in order to receive the prize

CONGRATULATIONS!!!

Your E-Mail Address Have Won You £500,000.00 (FIVE HUNDRED THOUSAND EURO). This Promotion is for The 2016 UEFA European Championship hosted in France, Sponsored by Coca-Cola, Adidas, Hisense and the Swiss Government.

This is from a total cash prize of £50,000.000.00 (FIVE HUNDRED THOUSAND EURO),shared amongst the first One-Hundred Winners in this category worldwide. Please note that your lucky winning number falls within our Lottery booklet representative office in Europe as indicated in your play coupon, because this particular draw was selected to promote The 2016 UEFA European…

 How are cybercriminals exploiting World Cup 2018?

The World Cup is imminent, but hackers started their activities well in advance. We have noticed a rise in unwanted e-mails that cybercriminals use to trick users sending phishing pages attached with malware and ads. According to Kaspersky Lab, during the ticket-selling period, there was a rise in the number of phishing pages as well as the number of spam e-mails sent, fraud websites imitating the original ones, fake giveaways and even clone websites imitating those from FIFA.

As we approach the tournament kick-off, the number of active cybercriminals is rising, as well as the variants of the “attacks” mentioned before. And, as Kaspersky Lab identifies, the most common forms of World Cup-related malware / online fraud are:

  • Fake notifications of lottery prizes

One of the main types of scam associated with the World Cup 2018 is the fake notification of lottery prizes. These emails appear to be organized by the sponsors of the tournament and by FIFA but, in reality, they are created by cybercriminals that want to take your data.

Following the announcements of the host countries for the 2018 and 2022 FIFA World Cup, FIFA has been alerted to a growing number of e-mails and scams fraudulently claiming to be associated or linked with both tournaments. These emails usually have documents attached and ask for personal data, sometimes even to pay for the expenses in order to make a money transfer. The goal of these messages is to collect personal and financial data from the users. Sometimes, these emails contain an infected archive that is attached.

Cybercriminals also take advantage of the demand for match tickets, by offering the users a chance to participate in a giveaway with tickets or travel as prizes. The user will always win, then will have to give personal data that the cybercriminals will use in order to send spam and obtain revenue

  • Spam

During the preparation for the World Cup, there has been an increase of spam email. With this type of scam, cybercriminals earn revenue via ads or per web hits. They use the characteristic design of FIFA’s official store to trick the user and try to be a “friendly” website.

  • Fake Tickets

This is a well-known technique that uses the re-selling process for some matches, but we have to be extremely careful about buying something that is not from the official store. There is a high risk that we end up buying fake tickets three times their original price.

The tickets can only be obtained in FIFA’s official store. There is a high chance that, even if you buy an original ticket, you cannot access to the stadium if you do not match the data of the original buyer.

No one is going to give anything FOR FREE (asides from the draws of the original site or the partners). Do not trust any kind of “FREE TICKETS” email or notification. A spokesperson for FIFA said that FIFA regards the illicit sale and distribution of tickets as a very serious issue and “it reminds all football fans that FIFA.com/tickets is the only official and legitimate website from which to buy 2018 FIFA World Cup tickets.” He continued:

“FIFA has received various complaints and inquiries by customers of non-authorized ticket sales platforms, and has consistently confirmed that these companies cannot guarantee access to the stadiums as the respective tickets may be cancelled. Insofar customers are at risk of investing a high amount of money also for traveling and accommodation) without having the certainty to actually being able to attend the matches.”

  • Fake sites and fake notifications of the official partners

One of the most used methods to obtain data from the user is to clone an original website of one of the official partners and ask for data there. As we approach the start of the World Cup, those official partners are performing giveaways so they get views, earn revenue via ads etc. So cybercriminals use this to trick the user into giving data to them, by replicating websites that are indistinguishable from the originals except for the domain.

Another method the cybercriminals use is to notify the user that the security system of the original website has been updated and they need to input all their personal data again. The scammer sends a link in an email that redirects to a malicious website where the user has to log-in

A company that has been specially exploited by the cybercriminals is Visa. The hackers use this brand name to offer a participation in a promotion that includes valuable prizes. To participate, users have to follow a link that redirects them to a phishing website where they have to input their bank account details alongside their credit card’s CVV security number.

  • Miscellaneous

 Besides the methods mentioned before, phishing scammers use malicious software in their attempts to acquire data from users, e.g.: They use the pretext of an update of Flash Player in order to watch a game, when in reality they are installing a malicious program. Sometimes, the cybercriminals are not even interested in the personal or economic data from the user.

For example: there has been an update in the FIFA football simulation game. Cybercriminals asked for the authentication data of the game so they can “introduce” the update earlier. If victims’ accounts have something valuable, the cybercriminals change the log-in information and sell the account details.

Conclusions

With all of this information in mind, the best advice to protect yourself against World Cup malware is to only trust reliable sources and use caution. To give credibility to their sites, cybercriminals register domains that look like the originals but they are not completely identical

They can clone the website, the functionality, etc. but not the domain. Users cannot trust the HTTPS either because the cybercriminals buy SSL certificates that usually don’t check the information given, so they can put the HTTPS in the link

Be careful to check the sender / source of any emails, and the source URL of any promotional offers or promotional material. Before you open anything, try and be as confident as you can that they come from reliable sources. Cybercriminals know how to tempt us just by doing some research and throwing their attacks onto the Internet. It’s just a matter of time before someone falls for their bait.

In general, mobile users from Allot CSP customers using NetworkSecure, are protected against malware, phishing, and from other malicious attacks and websites. It’s important to use a security system to guarantee our safety but this must be complemented by careful behavior by users. Keeping them informed and educated about cybersecurity will reinforce their protection against online fraud and will maximize their security.

Click here to learn more about how Allot Network Secure can protect your network and your users against sophisticated malware attack.

*** This is a Security Bloggers Network syndicated blog from Allot Blog authored by Juan Antonio Latasa. Read the original post at: https://blog.allot.com/world_cup2018_malware/