Beware: Brazil World Cup scams

While the world watches as Brazil World Cup 2014 started, the network crooks join in celebrating with campaigns aimed at football fans.

Cyber criminals are very active in creating sophisticated Web sites posing as genuine World Cup sites, and sites of sponsors and partners of the event, including recognized and well-known brands, in an attempt to lure users to share their personal information, such as user names, passwords and credit card numbers.

Already there are around 50 new phishing sites every day in Brazil alone, and many of them are very sophisticated and carefully planned. In fact, a normal user would find it very difficult to distinguish between them and the real sites.

Some phishing sites even seem safe to use, for example URLs that begin with HTTPS, when the letter S represents the Internet word ‘secure’. This is because the hackers successfully acquire SSL certificates from security entities.

Sometimes even original SSL certificates are used to infect computers with malicious code. In one fraud, users were informed that they have won World Cup tickets. User who clicks on the link to print the card gets infected with a digitally signed Trojan horse.

Another attack is based on an earlier breach to customer data base. Hackers send personal e-mail message announcing the recipients that they have won World Cup tickets. The posts include the recipient’s full name, date of birth, address and more, and in addition a PDF file displaying the winning ticket, which is actually a Trojan horse.

Phishing sites often also hold mobile versions with an original appearance intended to entrap smartphone and tablet users.

So what can you do?

  1. Always check the web page before typing personal and confidential information. Phishing sites are designed to look like the original.
  2. Although HTTPS sites are more secure, they are not necessarily reliable. Network hackers seem to get SSL certificates authenticity for their sites.
  3. Generally, beware from messages you receive from senders you do not know. Especially, avoid clicking on links, download or open attachments from messages that arrive from sources you are not completely sure about.
  4. Be sure that you have updated protection against malicious code and phishing sites.
  5. Enjoy the event!