Mondial 2014: The Expected Cyber Attacks
This post is also available in: עברית (Hebrew)
By Guillaume Lovet
While thousands of Brazilian workers are trying to complete the stadium on time for the opening match, Brazilian cybercriminals are already at work. With a population of approximately 201 million in 2013, Brazil is the world’s fifth most populous country and has one of the largest cybercriminals communities. According to a survey conducted by the Brazilian Banks Federation (Febraban) in 2011, the banking sector reported losses of R$1.5 billion thanks to phishing, online theft, identity theft, online scams and credit card fraud.
A few days before the opening match kick-off of the World Cup, we can expect an onslaught of Internet scams and attacks from the global cybercriminal community in the coming days and weeks. Fortinet’s FortiGuard team is warning Internet users against online scams that they may face. It is important for football fans to remember a few tips to avoid unpleasant surprises:
– Unsolicited emails: Spam email targeted at Internet users announcing that they are the lucky winners of a lottery for 2 tickets for the final of the World Cup, or they can access web sites to watch the matches live.…. While it is very tempting to a fan to click on an email link that says : “You’ve won 2 tickets for the final of the World Cup”, be careful! By clicking on that link, you could be taken to a compromised Website that downloads malware onto your computer. That malware could be used to retrieve all your personal information such as passwords or other credentials, or download additional malware, such as fake antivirus applications, or simply turn your computer into a spam generator.
– Online retailers offering discounted tickets: If you discover an online store that’s offering unbelievable specials for tickets, do some digging to make sure it’s a legitimate store and not a false front that will disappear later that day along with your credit card information. Even if they are legitimate, you’ll want to make sure their site hasn’t been unknowingly compromised by SQL injection or other server attacks. Similarly, avoid believing marketplace websites such as eBay or others offering tickets at low prices for the event. Good deals are often pure frauds.
– Phishing and identity theft: Users may receive an email from their bank and / or Paypal highlighting that a payment for the purchase of 2 footballs tickets is in progress while the Internet user has in fact not made any purchase. To cancel the transaction, the Internet user must click on the link where it will be asked to complete a form with its bank login details. Users should not reply and keep in mind that their bank would never ask for their banking ID by email.
– Unsecured WiFi hotspots in Brazil: While the Brazilian government is strengthening the safety for the World Cup, the 11,222 Israeli fans who will go to Brazil must remain vigilant. Fans who will not have the chance to watch the matches at the stadium will use the Internet to view the results in real time, by connecting to WiFi hotspots at hotels, bars… Do not connect to an unknown unsecure hotspot. An unsecure hotspot allows hackers to capture any and all data that’s flowing from the hotspot, enabling them to intercept logins and passwords, email messages, attached documents and other personal and confidential information.
All of these types of scams are flooding the Web and even well-informed Internet users could be trapped. So, here are some basic but important tips to avoid losing key personal information or money:
– Requests for password or credit card information should set off alarm bells, double check before you comply.
– Be very wary of links that either lead to applications or external websites.
– Believe the popular saying: “If it’s too good to be true, then it probably is”.
– If you haven’t entered a lottery, you can’t win it.
– By connecting even to secure access points, check that the connections to your favorite websites are well secured HTTPS connections.
*The writer is a senior manager of FortiGuard Labs’ Threat Response Team at Fortinet