Some call it soccer. Some call it football. No matter what you term the game, the effects of the 2010 FIFA World Cup, the most widely-viewed sporting event across the globe, can be seen all around the world — and around the Web — following the kickoff in June.
A growing trend seen by online security experts is for scammers to take advantage of the latest breaking news and major worldwide events to distribute malware and, unfortunately, the World Cup, which will be in full swing until mid July, is a prime opportunity for cyber criminals to do just that.
Since the games began this summer, the cyber scams have been kicking off in full force, with reports of sophisticated World Cup-related malware scams, increases in spam themed around to games, and other malicious online ploys.
“Cyber criminals know that they can exploit popular international events to lure victims through various types of social engineering tactics. The World Cup is a prime target due to its prestige and the amount of interest it draws from fans around the world,” says Andrew Browne, head of Lavasoft Malware Labs.
How can you avoid becoming a victim of an attack? Lavasoft Malware Labs' analysts have compiled a list of five eminent online security risks surrounding the World Cup — and specific steps you can take to stay safe. Read on to learn more.
- Spam with malicious attachments. Be wary of unsolicited World Cup-related messages with an attachment, particularly if the attached file is a PDF. One of the latest PDF attacks took advantage of an Adobe Reader vulnerability that was recently patched. “Check that all applications and programs are patched and up-to-date. Turn on Windows automatic updates and make sure to have the latest security patches from Microsoft installed,” Malware Labs says.
- Targeted phishing ploys. There has been a deluge of the following themes in World Cup-related phishing messages: refunds, tickets sales and lotteries, accommodations, travel, and team merchandise. “If you receive an unsolicited message, delete it without opening,” Malware Labs says.
- SEO poisoning. Cyber scammers are poisoning search engine results using World Cup-related headlines and videos to lead to malicious sites in an attempt to push rogue (fake) security software and other types of malware. “Check all URL's carefully before clicking on them, and be especially mindful of only using trusted sites during this time,” Malware Labs says.
- Application downloads. With so many viewers planning to watch the games online, malware purveyors can be expected to capitalize on ways to infect users looking to download media players. “Vet any applications that allow you to stream World Cup content,” Malware Labs says.
- Legitimate sites serving malware. Malicious code can be hacked into vulnerable, legitimate websites in order to infect users. Legitimate World Cup-related sites are attractive targets for cybercriminals. “Make sure that you have core protection on your PC (anti-virus, anti-spyware, and firewall). Consider using an alternate browser, like Google Chrome or Mozilla Firefox, rather than Internet Explorer. If you use Firefox, install the NoScript plug-in for Firefox to intercept potentially malicious scripts (http://noscript.net),” Malware Labs says.
“The target of these types of social engineering attacks is the computer user, where infection occurs by the person making an interactive choice. We hope that sports fan watching the games online from their home or office — in addition to having anti-malware protection on their PC's — pay close attention to the types of threats that we anticipate will be prevalent so they have a better understanding of what not to click, download, or respond to,” Browne says.