As the FIFA World Cup 2014 continues to get more and more attention of tourists and football followers from all corners of the world, it also brings with it the unwanted attention of cybercriminals looking to exploit people’s interest to this popular sport. Kaspersky Lab experts share a list of basic do’s and don’ts to make your football experience safer, whether you are travelling to Brazil, checking scores online, watching games online or via mobile applications.
Online threats related to broadcasting of the games
Many fans are looking for a live stream of the games, but they should be aware going to a wrong website can cost them money or leave a malicious program on the computer.
Live Word Cup broadcast with purchased advertisements could lead to fraudulent or malicious content. One example is when you go to the website, it asks you to download a special plugin supposed to be the player needed to watch the on-line broadcast of the games. In reality, it is an Adware program, which may not show you anything but will drain your computer’s resources.
The sites offer every game, at any time promise high quality footage taken from the best cameras in the arenas. However, if you pay, you will just lose your money. Dubious and dishonest websites like these have no interest in playing by any rules.
And like with phishing websites there appeared a lot of new registered domain names containing words like “Fifa Live World Cup steaming 2014” which can be largely used for a malicious purpose.
Cybercriminals, opportunists and other malicious individuals look for occasions like the World Cup. They know this is the best time to cheat people, stealing their money and infecting their devices. Stay ahead of the game and do not fall into their social engineering traps. Use the best anti-malware protection and keep your wits about you when browsing and looking for the content. By the way, if you want to see a live broadcasting, probably you may use one of these legitimate councils.
Phishing schemes
Online fraudsters have been actively creating sophisticated websites imitating authentic domains of the World Cup, its sponsors, and partners – including well-known brands – trying to lure users to share their private data, such as usernames, passwords and credit card numbers.
Fabio Assolini, Kaspersky Lab’s Senior Security Researcher with its Global Research and Analysis Team, said: “We detect 50-60 new phishing domains every day in Brazil alone, and they are often highly sophisticated and very skillfully designed. In fact, for an ordinary user it’s far from easy to distinguish a fraudulent domain from a real one.”
Some phishing websites appear to be safe. For example, their URLs may start with ‘https’, where the ‘s’ stands for ‘secure’, as the cybercriminals manage to purchase valid SSL certificates from certification authorities. Phishing domains also sometimes have mobile versions with an authentic look and feel aimed at users of smartphones and tablets. Criminals use legitimate SSL certificates also to infect users’ computers with malware.
There are also messages about winning World Cup game tickets with links or attachments that people should be cautious about, even if they include user’s full name, date of birth and other credentials, which can be taken from a breached database.
Here are some tips to stay secure against phishing schemes and malware that use a World Cup context to stage their attacks:
Using ATMs and Avoiding Credit Card Cloning
If you are going to Brazil and still haven’t decided how you plan to pay your bills there – cash or credit card – it is high time to do so. Kaspersky Lab warns that Brazil has some of the most creative and active criminals specializing in credit card cloning. Below are some tips from Kaspersky Lab on how to protect yourself against the most common attacks on ATMs, point of sales (PoS) devices and on using ATMs in Brazil.
Insecure Wi-Fi Networks
As data roaming charges for cell phones are generally very expensive, many travelers to the World Cup in Brazil will probably just opt to use free Wi-Fi access points, and probably not give much thought to security issues. This is a very risky approach, however, because all the data that is sent or received on open Wi-Fi networks could be intercepted.
Kaspersky Lab security experts conducted research into Wi-Fi access in São Paulo. They drove 100 km around the city and checked out more than 5,000 different access points popular among tourists – parks, malls, airports and other attractions. As a result of the study, it turned out that 26% of the 5,000 open Wi-Fi networks in São Paolo don’t use any encryption. Below are some tips on using Wi-Fi networks:
Malicious AC/DC Charging Points
Passwords, PINs and other sensitive data could also fall into the hands of cybercriminals if public charging stations are used – in Brazil these publically available chargers may be malicious. A malicious AC/DC charger will still charge your battery, but at the same time it can silently steal information from your smartphone. The interception will happen via a USB connection, as the majority of plugs use this type of connection. In some cases these fake chargers can also install malware capable of tracking your location, stealing notes, contacts, pictures, messages as well as call records, saved passwords and even browser cookies.
Try to optimize battery life by shutting down unnecessary processes and turning on airplane mode when a cell phone network is not available. You can also disable sounds, vibrations and tones and other resource-hungry features, like animated wallpapers etc.