The world is waiting with bated breath for the 2014 FIFA World Cup to kick off in Brazil this week, and right on cue, fraudsters are hoping to deal unsuspecting fans a hat trick of scammery.
Anti-virus firm Symantec has already identified several World Cup scams, including dubious emails promoting free tickets to the tournament – which of course end up containing a malicious zip file instead. The latest campaign is serving up a remote administration tool (RAT) known as DarkComet.
“The most common scam around the World Cup involves free tickets,” explained Satnam Narang, a Symantec researcher, in a blog. “After all, what fan would not want an all-expenses paid trip to Brazil? Scammers know a dream come true is hard to pass up and circulate emails promising everything imaginable.”
Also, emails containing news and highlight reels about World Cup teams and players are being used to entice users to open up malicious attachments or click on malicious links.
“Emails are currently circulating about Neymar da Silva Santos Júnior, a young star player with the Brazilian national team,” Narang noted. “The email contains a malicious word document that exploits a known vulnerability in Microsoft Word. Interest in players like Neymar and others like Argentinian national star Lionel Messi are used as the bait by scammers targeting victims, whether through email or social networking services.”
Once the World Cup begins, Symantec warns to beware scams claiming to offer free live streams of the action. These may ask marks to fill out a survey or download and install software before they can unlock access to the live stream – all of which is a gateway to malicious activity.
“As we have observed in the past, once the World Cup begins, there will be scams circulating on social networks that claim to offer free live stream of various matches, especially the final games,” Narang said. “These scams may ask you to fill out a survey or download and install software before you can unlock access to the live stream. Be skeptical—these enticements are just tricks to put money into the pockets of the scammers.”
Instead, fans should look to legitimate sources, like ESPN, which will offer live streams for subscribers in the US, and the BBC, which has streaming for the UK. Others should check their local service providers to see where and when you can catch World Cup games online.
These are not the only security risks associated with the world's largest sporting event. To otherwise keep a “clean sheet” against those who would exploit one’s love of the beautiful game, fans should stick with authorized and trusted sources for tickets, news and information.
“Remember that free stuff is never free,” Narang said. “If you receive an email or a link on a social network offering free tickets to the World Cup, recognize that it is most likely a scam. If you are interested in what is happening with your favorite World Cup teams or players, please visit the official news websites for information and avoid randomly found or unknown sources.”
And, of course, users should be sure to have applied all the latest patches and security updates for their operating systems and software applications.