Phishers target the 2014 Soccer World Cup
27 May 2014, 09:10
Cape Town - The Soccer World Cup is around the corner, and online scammers are already sharpening their skills ahead of the global showcase.
Criminals have built a range of sophisticated, but fraudulent websites and platforms as final preparations draw to a close for the World Cup which starts on 12 June.
"Online fraudsters have been actively creating sophisticated websites imitating authentic domains of the World Cup, its sponsors, and partners - including well-known brands - trying to lure users to share their private data, such as usernames, passwords and credit card numbers," said security company Kaspersky Lab.
One of the most popular forms of attack is that of phishing.
Criminals usually send e-mail purporting to be from a legitimate source like a retail chain, insurance company or financial institution and the recipient is expected to click on a link to a fraudulent website.
"We detect 50-60 new phishing domains every day in Brazil alone, and they are often highly sophisticated and very skilfully designed. In fact, for an ordinary user it’s far from easy to distinguish a fraudulent domain from a real one," said Fabio Assolini, senior security researcher at the Global Research and Analysis Team at Kaspersky Lab.
Security experts have warned that hackers use spam to target potential victims because experience has shown that people click on links, often out of curiosity or against their better judgement.
"If that e-mail that comes in talks to your interest, you are going to click on that link. It looks very legitimate because they've designed it that way," Andrew Kirkland, Trustwave regional director for Africa told News24.
The company's Global Security Report found that spam up around 70% of all inbound e-mail, and at least 59% of unsolicited mail a contained malicious attachment and 41% contained links that were designed to compromise a computer.
Kaspersky reported an alarming trend: Some phishing websites had even evolved to appear safe by having URLs that begin with "https" - normally reserved for secure sites.
"In one scam, users in Brazil would receive a message telling them they had won a World Cup game ticket. If a user clicked on the link to print the ticket, it led to a digitally signed Trojan banker," said the company about the fact that hackers had purchased a valid SSL certificate.
Kaspersky also said that a popular scam is to send users an e-mail to say they had won tickets to the soccer showcase, but the user was directed to a fraudulent site where the hacker could steal credit card and other personal data.
To limit the impact of cybercrime, internet users should adopt a cynical attitude, especially to e-mails from unknown sources.
This video illustrates how cyber criminals change their behaviour:
- Follow Duncan on Twitter