Posted by Geraldine Hunt on Thu, Mar 27th, 2014
Network security issues always arise around popular international events. Unfortunately, the upcoming World Cup in Brazil is already inspiring all kinds of scams. A massive event of international interest like the World Cup will always have lots of legitimate promotional campaigns and activity running alongside it with companys attempting to take advantage of the hype and excitement surrounding the event.
However amongst the legitimate campaigns and promotions you will also see many scam emails promising everything from free match tickets to all inclusive packages to visit the the World Cup, including flights. If offers like this sound too good to be true you’d be correct in thinking they usually are! Here’s just a short rundown of what the criminal underworld has come up with so far.
Big sports event inspire malware-loaded email mass mailings.
Of course, any big sports event inspires malware-loaded email mass mailings, and the World Cup is no exception. Emails have been going out congratulating the recipient on winning two tickets to the World Cup. The link that purportedly prints the tickets actually downloads the worm VBS.Dinihou, which then proceeds to infect USB drives and download malicious files. There are also links to websites and phishing emails that aim to steal credit card information. It's crucial to have an up to date and powerful business anti spam and network security solution in place to block these emails from entering your network.
Tickets to the World Cup can only be purchased at the official FIFA site but there are dozens of fake ticket purchase sites. Some sites claim to offer tickets as part of a travel package or as part of a package of tickets for sporting events. Some of the sites are asking as much as $30,000 per person. In some cases, fake tickets are already being issued, though legitimate tickets won’t be available until April.
FIFA says that black-market tickets are also being sold, sometimes at a 300% markup. Around 130 companies are under investigation for unauthorized black-market sales Potential buyers are being warned that only registered purchasers will actually be able to see the games.
Not a question of 'if' the World Cup will be targeted by scammers but 'when'!
Many Brazilians are far from happy about the government spending on the World Cup, and hackers sympathetic to their cause are threatening to target sites operated by FIFA and the Brazilian government. Brazil’s telecommunications infrastructure is shaky under the best of circumstances and very vulnerable. According to The Guardian, one of the world’s most sophisticated cyber criminal communities finds its home in Brazil, and this community has already been disrupting ticket sales. The Guardian quotes security expert William Beer: “It’s not a question of whether the Cup will be targeted, but when.”
The group Anonymous has said it may attack FIFA, the government, and sponsors. In 2012, Anonymous crippled the websites of some of Brazil’s major banks. The banks have since invested heavily in security, but much of Brazil’s cyber infrastructure is still undefended and very fragile.
Individuals who are interested in attending the games should be very cautious about opening emails, clicking on anything on unfamiliar websites, or buying tickets from anyone but FIFA. As always, up-to-date anti-spam and antivirus software, being cautious about email attachments, and avoiding suspicious websites will go a long way towards keeping sports enthusiasts, and everybody else, safe.
Fraudsters will be looking for new ways to exploit the enthusiasm that comes with the FIFA World Cup, which will be taking place in Brazil this June. The ramifications of you being scammed could be very serious indeed. Not only could you become a victim of fraud by having your bank account emptied by these fraudsters, you could also end up a malware infected network.
Consequences of damage from a malware intrusion include :
Data Loss
The most common forms of malware damage is data loss. Many viruses and Trojans will attempt to delete files or wipe hard drives when activated. Even worse, viruses can lay dormant for a significant time before activating, so backed-up files can also be infected and impossible to save.
Account & Password Theft
Many types of malware include keylogger functions, designed to steal accounts and passwords. This can give the scammer access to your user's online accounts and the company’s email servers from which the hacker can launch new attacks.
Botnets
Many types of malware also take over the user’s computer and turn it into a "bot". Hackers use these botnets to crack password files or send out bulk emails. Much of this can go unnoticed by the user.
Post malware intrusion cleaning costs
Part of the damage from any malware intrusion includes the time and effort required to remove the damaging files. Removing malware can be tricky, for a company network a malware removal project can be a major undertaking. Companies spend billions of dollars worldwide to clean up malware damage. Damage from a malware intrusion can take many forms, from the loss of important data to serious financial consequences.
Financial Losses
One of the worst types of damage malware can cause is direct financial losses. If a hacker gains access to a credit card or bank account via a keylogger, this data can be used to run up charges or clear the account.
Global events can be very lucrative for scammers as they have the potential to scam more victims by appealing to peoples’ interest and curiosity. SpamTitan expects more and more of these scams to appear as we get closer to the 2014 World Cup.
Users must be on guard and take some sensible security precautions:
Don’t be caught offside - be alert, be smart and don’t open your company’s door to scammers.