Avoiding Online Risks Kicking Off with the 2010 FIFA World Cup
Cyber criminals will continue hijacking current news and events to serve malware. A rundown of the most prevalent online security risks, and how to avoid them.
Cyber criminals will continue hijacking current news and events to serve malware. A rundown of the most prevalent online security risks, and how to avoid them.
Security may not be top of mind for sports fans this coming week. After all, eager football fans have reason to be shortsighted due to excitement over the FIFA World Cup — the world’s biggest football event, which only takes place every four years — kicking off June 11.
Although online security may not be a focal point during the World Cup, it should be. And here’s why: ahead of and throughout the games, cyber criminals will be setting stealthy online traps aimed at leveraging public interest surrounding those searching for World Cup footage, news, and event information.
Scammers taking advantage of the latest breaking news and major worldwide events to distribute malware and con potential victims is a growing trend, according to online security experts. The World Cup, which lasts throughout mid-July, is known to be the most widely-viewed sporting event in the world. Events that draw such pervasive and ongoing public interest will, without a doubt, be used to propagate socially-engineered crimes — where users are manipulated into performing certain actions or disclosing confidential information.
Couple that with the sheer number of people who are interested in the games and turning to social and online media for the latest news and information, and the security repercussions become even more ominous. On Facebook’s company blog, Landon Donovan of the U.S. Soccer team recently shared his perspective on staying connected with fans via social media and predicted that, “With the rise of social media and greater accessibility of the Internet, this year’s World Cup will have an unprecedented level of fan involvement and participation.”
These football fans, hungry for information on the games, may be more susceptible to visiting unfamiliar and untrustworthy websites and opening unsolicited e-mail offers, thus exposing themselves to viruses, malware, rogue security programs, and phishing attacks.
“Cyber criminals know that they can exploit popular international events to lure victims through various types of social engineering tactics. The World Cup is a prime target due to its prestige and the amount of interest it draws from fans around the world,” said Andrew Browne, head of Lavasoft Malware Labs.
The Most Prevalent Risks — And What Businesses and Consumers Can Do to Avoid Them
What should consumers and businesses be on the lookout for to safely navigate the Web as cyber criminals gear up online scams to take advantage of interest in the World Cup? We’ll look at the specific types of World Cup-related online security risks that are expected to be most prevalent — and steps to take to avoid becoming a victim or target of an attack. Businesses also should be conscious of these tactics in order to help guard their company, organization, or network, which includes educating employees who may be searching online for news and video related to the games during work hours.
SEO Poisoning
Cyber scammers will likely poison search engine results using World Cup-related headlines and videos to lead to malicious sites in an attempt to push rogue (fake) security software and other types of malware. What should you be on the lookout for? Here are three examples of search engine optimization (SEO) poisoning scenarios you may encounter if you searched for information on the recent news of Al and Tipper Gore’s separation — and how to spot the attacks.
This may look random, but the three sets of search results shown below all have something similar to the section “lkjaa.php?ssp=” in the links: .php?=. These sites all served malware.
If you click on the video window, like the one shown above, it will offer a video codec download, which is likely malware in disguise. Don’t download or run the file — navigate away from the page.
You might also be presented with a fake alert, similar to the one above, claiming that your PC is infected with malware. This is a hallmark of rogue security software. In this case, your best option is to use Task Manager to kill the browser. (When you restart your browser, opt not to reload the pages you were viewing previously; if you allow your browser to do this, the rogue installer page will reload.)
Spam with Malicious Attachments
Be wary of unsolicited World Cup-related messages with an attachment, particularly if the attached file is a PDF. One of the latest PDF attacks took advantage of an Adobe Reader vulnerability that was recently patched.
Check that all your applications and programs are patched and up-to-date. Turn on Windows automatic updates and make sure to have the latest security patches from Microsoft installed.
Targeted Phishing Attacks
Expect an outpouring in World Cup-related phishing messages themed around refunds, tickets sales and lotteries, accommodations, travel, and team merchandise. A good rule of thumb: if you receive an unsolicited message, delete it without opening.
Application Downloads
With so many viewers planning to watch the games online, malware purveyors will capitalize on ways to infect users downloading media players. It’s important to evaluate any applications that allow you to stream World Cup content before you download them.
Legitimate Sites Serving Malware
Malicious code can be hacked into vulnerable, legitimate websites in order to infect users. Legitimate World Cup-related sites will be attractive targets for cyber criminals. The best precautions include having core protection on your PC (anti-virus, anti-spyware, and firewall), and consider using an alternate browser, like Google Chrome or Mozilla Firefox, rather than Internet Explorer.
Bottom Line
Each of these types of social engineering attacks operate by enticing people to make an interactive choice, infecting your computer and, ultimately, threatening your privacy and security. As most of us are all well too aware, having reputable security software in place on our PCs is a necessary element in the battle to stay secure online.
But online safety is also about making smart choices — having a working understanding of what not to click, download, and respond to as we search for information on the Web. In today’s online world, a little extra caution and awareness may just be the difference between falling victim to an online attack and avoiding it entirely.
We can expect cyber criminals to continue hijacking current news and events to serve malware, and the FIFA World Cup is just the latest example.