Allot Communications : Will Your Defense Conquer World Cup Malware?

Don't let cybercriminals score. Beat their game-plan.

Cybercriminals typically take advantage of the huge public interest in major international events. The FIFA World Cup 2018 that begins shortly in Russia is no exception and cybercriminals have been busy exploiting the excitement about the world's biggest sporting event. The numbers are staggering. FIFA estimated that 715.1 million people watched the final match of the 2006 FIFA World Cup held in Germany and the 2010 event in South Africa was broadcast to 204 countries on 245 different channels. We can assume that this year's numbers will exceed these.

Consequently there are vast numbers of people that can be targeted by unscrupulous scammers, so the risks to internet and data security will spike during the month-long footballing extravaganza. Part of taking necessary precautions is knowing what motivates cybercriminals, understanding what they do, and being aware of their activities. This blog post gives you the low-down on what they're up to and what to avoid to defend yourself against online fraud and disruption.

Understanding hackers' mentality in trending events

First of all, we have to try to understand the mentality of cybercriminals in order to identify how they are going to try to trick people. Their aim is to exploit people's interest. So, an event like the World Cup that attracts so many people, is fertile ground for online fraud, and they will use a variety of tactics to snare unsuspecting internet users: from fake accommodation bookings to fake match tickets; from cheap travel offers to prize draws. The World Cup is typical of any event or phenomenon that generates hype: new music, games, or movie releases, new product launches and the like. Anything that interests millions of people is a legitimate target for scammers.

What has happened before? Examples from Euro 2016

We can confidently predict that we will experience this type of activity during this World Cup because every football event of this magnitude has been a potential focus of malicious activity.

For example, before and during UEFA Euro 2016 there was a rise in the incidence of phishing emails disguised as an official source and claiming that the user had won £760,000 in a UEFA Euro 2016 online e-draw. Obviously, this email was not from UEFA and the user didn't win any money. This email was a scam designed to trick the target into sending money and personal information to cybercriminals.

Another similar type of scam that we saw during UEFA Euro 2016 was that users received a mail that attached a malicious archive and contained malware. The topic of the email was the same as we mentioned before, stating that the targeted user had won a lottery and needed to give personal information to the cybercriminals in order to receive the prize

CONGRATULATIONS!!!

Your E-MailAddressHave Won You £500,000.00(FIVE HUNDREDTHOUSAND EURO). ThisPromotion is for The 2016 UEFA EuropeanChampionshiphostedin France, Sponsored by Coca-ColaAdida,s Hisense and Swiu Government.

Thisis fromatotal cash prize of £50,000.000.00 (FIVEHUNDRED THOUSAND EURO),sharedamongst the firstOne-Hundred Winnersin thiscategory worldwide.Pleasenotethatyour lucky winning numberfallswithinourLottery booklet representativeofficein Europeasindicatedin your play

coupon, becausethisparticular drawwas selectedto promoteThe2016 UEFAEuropean

How are cybercriminals exploiting World Cup 2018?

The World Cup is imminent, but hackers started their activities well in advance. We have noticed a rise in unwanted e-mails that cybercriminals use to trick users sending phishing pages attached with malware and ads. According to Kaspersky Lab, during the ticket-selling period, there was a rise in the number of phishing pages as well as the number of spam e-mails sent, fraud websites imitating the original ones, fake giveaways and even clone websites imitating those from FIFA.

As we approach the tournament kick-off, the number of active cybercriminals is rising, as well as the variants of the 'attacks' mentioned before. And, as Kaspersky Lab identifies, the most common forms of World Cup-related malware / online fraud are:

• Fake notifications of lottery prizes

One of the main types of scam associated with the World Cup 2018 is the fake notification of lottery prizes. These emails appear to be organized by the sponsors of the tournament and by FIFA but, in reality, they are created by cybercriminals that want to take your data.