The World Cup and Malware
For fans and non-fans alike that means that for the next few weeks all things football will be circulating the web. Unfortunately, that can also include malware (and the word soccer). Teams of malware authors, cybercriminals, and hackers often leverage worldly events to propagate their scams, and the 2014 FIFA World Cup is no exception. Fortunately, there are a number things you can do to defend your digital goalposts.
Watch out for World Cup cyber scams
In today’s playing field, it takes cybercriminals very little time and effort to fabricate moderately convincing phishing emails and fake websites. Like anyone else, cybercriminals also like to play the odds. The fact that the World Cup is a global event therefore means that World Cup scams can have a global reach. For maliciously ambitious cybercriminals, that means global profit.
Watch out for World Cup promotions and free offers
Emails offering you free tickets to a World Cup match or free access to World Cup streaming sites should be opened with the utmost caution. If you did not sign up for a such a promotion, you are likely on someone’s spam-to list, and it is possible that that someone could be a cybercriminal. Emailed links in such promotions could connect you to a phishing website designed to steal your identity, or a “drive-by” website designed to infect your computer with malware.
Watch out for malicious World Cup “invoices”
One common malware method, World Cup or not, is for cybercriminals to send their victims malicious attachments. Many times, these attachments pose as financial invoices for a recent purchase. During the next few weeks, thousands of people will be buying World Cup related merchandise and even World Cup tickets online. This is a prime opportunity for cybercriminals to email blast the masses with malicious “invoices” that are actually malware.
Watch out for malicious World Cup “highlight reels”
Another one to watch for is anything that claims to be a World Cup highlight reel, attached as a video. If you receive something of this nature from a stranger, you should probably just ignore it. If you receive something of this nature from a friend, you should ask them if they were the one who sent it to you – if not, their email account may be compromised and you should not open the file.
Watch out for extraordinary deals on World Cup tickets and merchandise
Anyone who has ever been to any sporting event will know a ticket scalper when they see one. These types of individuals also exist online and are unfortunately a bit harder to spot. For safer e-commerce, we recommend our Security Knowledge Article: How to avoid losing your hard earned money to online purchase fraud.
Watch out when you search “World Cup”
That some of the next month’s most popular Google search terms will be World Cup related is another prime opportunity for cybercriminals to construct malicious landing pages designed to steal your credentials and infect your computer with malware. In short, be careful where you
Watch out for World Cup malware apps
Unregulated, third party mobile app markets are prime breeding grounds for mobile malware. Recent reports have indicated a significant increase in malicious apps that pose as World Cup games, wallpapers, stat trackers, and betting applications. In reality, these applications are often malware designed to:
- Connect your device to premium rate SMS services and charge exorbitant bills
- Steal sensitive data, such as contact lists and text messages
- Connect your device to a mobile botnet, and spread more malware to your contacts and friends
As with avoiding any mobile malware, it is always best to download apps from third party sources with extreme caution, if at all. For the most comprehensive protection, we also recommend adding Emsisoft Mobile Security as your Android-based goalkeeper.
Watch out for another World Cup Anonymous hack!
This one isn’t exactly something that most of us will need to look out for, but it is nevertheless quite interesting. On June 11th, international hacking, or “hacktivist” group, Anonymous took down a number of websites owned by World Cup sponsors and branches of the Brazilian government using distributed denial of service (DDOS) attacks. Affected entities included Hyundai, the Emirates Group, the Brazilian Intelligence Agency, and Brazil’s Department of Justice. Other websites that were affected are included on this list posted on Twitter by the Hacker News.
Anonymous states in a video posted to Youtube that these attacks are in direct protest to the massive amount of money the Brazilian government spent to host the 2014 World Cup. Anonymous believes that this is money that could have been put to better use, such as helping Brazil’s poor; and, the cyber attacks were actually timed to coincide with real-life protests in the streets.
World Cup Security Bonus Tip: Make Password-Free Predictions
In a year that has seen what was perhaps the most widespread computer security issue of all time, it’s no surprise to see a bit of World Cup password consciousness going around.
NosPronos.com is a free website you can use to make World Cup winner predictions with your friends, and it utilizes a completely password-free log in process. Instead, registrants simply create a username. After doing so, they are provided with a secret URL which can then be copied and pasted into the browser’s navigation bar whenever users want to log in.
In addition, NosPronos does not require you to share any personal information, such as an email address. This privacy centric approach helps to protect user identities and cut down on needless spam.
Red Card Attackers and Keep them Off the Field
No matter who you are rooting for, it is probably not the cybercriminals. To remain protected amidst all the excitement, treat all World Cup web activities as you would any others – consider cyber crooks that ugly breed of athlete who doesn’t play fair; consider yourself an ever-attentive goal keeper, dead-set on guarding your online identity; and, consider Emsisoft Anti-Malware if you’re looking for a vigilant referee dedicated to leveling the playing field.
Have a Great (Malware-Free) FIFA World Cup 2014!!!LinkedIn Lawsuit: Mining Email Contact Lists