World Cup-themed phishing attacks multiply
The FIFA World Cup 2018 is well underway with thousands of football fans tuning in daily to watch the action and flocking to Russia to support their teams. It is a time of great excitement for both the casual and the die-hard fans alike. Unfortunately, it has also become an opportunity for online hackers and scammers to take advantage of the passion and frenzy associated with large sporting events such as these. Since well before the tournament kicked-off in June, there have been reports of scams involving the sale of fraudulent tickets, counterfeit merchandise and false travel and accommodation offers. Insecure WiFi connections in Russia and imitation online betting ads have also caused considerable security concerns for mobile device users, so much so that FIFA has issued a warning for fans to be vigilant of scamming attempts before, during and after both the World Cup in Russia 2018 and Qatar 2022 take place. One of the most concerning of these scams for organizations and mobile device users is false online competitions and offers for free match tickets that direct users to phishing sites and collect personal data. So what exactly are these attacks and what can users do to avoid them?
Fraudulent competition emails
As the championship heats up, tickets to matches are like gold dust with many being sold at up to ten times their face value by ticket touts and resellers. It is for this reason that many fans are on the look-out for a chance to get cheap or free tickets. Emails have been sent posing as FIFA or official partners and sponsors like Coca-Cola or Visa, offering fans the chance to enter a lottery to win free tickets or in some cases, claiming that they have already won. To enter the competition or to claim their free tickets, the ‘lucky’ user is required to follow a link supplied in the email and to enter their contact information. Details such as names, addresses, phone numbers and bank details are obtained via these attacks and are subsequently used for further phishing campaigns or to scam the user financially.
These emails and websites are often very well-designed with a working interface and cannot easily be differentiated from official websites and communications. The use of well-known brand names and logos, as well as SSL certification and HTTP domains, can lure users into a false sense of security and convince them to disclose their personal details. It has been recorded that a large number of domain names containing the words “world”, “worldcup”, “FIFA”, and “Russia” have all recently been registered by private individuals. Such domain names are likely to look unnatural and will use non-standard extensions, such as .site.
Visa is an Official Commercial Partner of the 2018 World Cup and one company in particular that has recorded phishing attacks using their name and branding. Emails claiming to be from the company have been sent requesting personal and credit card details, including card number, expiry date, and CVV security code, in order to claim prize tickets, which of course do not actually exist.
The growth of mobile phishing
Phishing has become a major issue for internet users and is only increasing in seriousness. In 2017, it was reported that there was a 400% increase in the prevalence of spam emails while attacks sent via mobile-specific mediums such as SMS, WhatsApp and Facebook Messenger have grown at an average rate of 85% per year since 2011. The number of phishing and social engineering attacks aimed at mobile devices has grown exponentially in recent years, clearly linked to the fact that more people are now using smartphones and tablets over PCs for both personal and business purposes. In 2016, 56% of mobile users were found to have received and clicked on a phishing URL on a mobile device in the previous five years. Mobile devices have considerable advantages to scammers due to their smaller screens, the fact that the address bar is hidden while the user scrolls and that people are generally more distracted when using their device on-the-go. This allows phishing sites to pose as legitimate websites and can often catch out the user while their defenses are down or while they are particularly vulnerable.
How can organizations protect their mobile devices?
So what can organizations and individual users do to protect themselves and reduce the chances of being phished by fraudulent sites during the World Cup excitement, and thereafter? The first step is education. Tickets should only ever be bought or accepted from official sources. FIFA.com is the only official vendor to sell tickets for the 2018 World Cup and has urged football fans not to purchase tickets from any other sellers as they cannot guarantee their legitimacy. All mobile device users should also be aware of domain names and email origins. Links provided in emails or messages should never be clicked before checking the sender’s official website and confirming that a competition or offer is genuine. General awareness and caution should be taken at all times when dealing with online communications and when disclosing personal information over the internet. If an offer seems too good to be true, more often than not it probably is.
However, should these precautions fail or for organizations to guarantee protection for all employee mobile devices, Corrata provides comprehensive protection against mobile threats by blocking access to any malicious or phishing sites that a mobile device attempts to access via their browser or via links received over email or messaging services. Integration with SIEM supports rapid detection of IOCs (indicators of compromise) across an entire device fleet and enables instant response to newly discovered attacks based on up-to-date threat intelligence. With Corrata, organizations can feel safe in the knowledge that their employees can enjoy the World Cup action without the chance of compromising their personal or the company’s sensitive data.
For further reading, check out one of our previous blog posts on this topic. To find out more about Corrata’s solution for mobile internet security and how it can help your organization, visit our website or contact us at email@example.com.