After a couple of days’ hiatus, the 2014 FIFA World Cup is back in action as teams head into the semifinals of the world’s most popular sporting event. But fraudsters have been playing their own version of the beautiful game for months, using fan interest in superstars like Cristiano Ronaldo and Lionel Messi to serve up malware and phish information. A new World Cup-related lure has surfaced in the form of Luis Suárez, the talented Liverpool Reds star who played for the Uruguay national team in the tournament before being banned for months for biting.
Suárez, who has two previous biting incidents on his record, was banned by FIFA for chomping the shoulder of Italy defender Giorgio Chiellini – he will miss nine official matches for the national team and is banned from all football-related activity for four months. He also spawned a raft of internet memes, featuring his head Photoshopped onto various predators like Jaws, a T-Rex and others.
Suárez has his defenders though, and cybercriminals know this. Kaspersky Lab has uncovered a phish in the form of a page purporting to be part of the official FIFA website. Visitors are asked to sign a petition in defense of Suárez, asking users to fill in his or her name, country of residence, mobile phone number and email address.
“The phishing page matches the design of the official website and all links on it redirect users to FIFA’s official site, fifa.com,” explained Kaspersky Lab researcher Nadezhda Demidova, in an analysis. “The data obtained from the form can be used to send spam, phishing and SMS messages, as well as malicious apps. In addition, armed with users’ email addresses and telephone numbers, the cybercriminals can conduct targeted attacks involving banking Trojans for computers and mobile devices. This technique is used to get round two-factor authentication in online banking systems in cases when a one-time password is sent via SMS.”
After filling out the ‘petition’ form, victims were encouraged to share a link to the page with their friends on Facebook. Of course, unsuspecting fans did indeed share links to the fake petition and enabled the phishing link to spread widely across Facebook in a matter of days.
“Messages with links to the phishing page were also seen on dedicated forums, from which users probably reached the phishing page originally,” she said.
As ever, web surfers should be highly suspect of anything that asks for one’s personal information online; should always double-check URLs to see if they’re official, and avoid clicking on links from unknown sources. And it’s critical to remember: anything that’s popular online or in culture will bound to be popular with cybercriminals too.