ITB - IT Solutions for the next generation

World Cup Phishing

26th June 2018

As is the case with every event that whips up a media storm (think Brexit, the Olympics and Trump’s presidential race), hackers will use this to their advantage and try to dupe end users into opening emails that they shouldn’t. So we really shouldn’t be surprised to learn that long before a ball was kicked at the World Cup, hackers were using the occasion as a way to drop malware onto end user devices.

Most phishing campaigns rely on the author getting creative in order to be successful, and we have seen some interesting examples recently, not only disguised as ‘official’ FIFA World Cup emails, but many using FIFA’s partners as a smokescreen.

There are many different types of scam World Cup email, each with its own purpose, and they vary in severity. Some simply use the phishing campaigns to harvest end user data or to steal log-in credentials to use in other scams, whereas some are used to extort money directly from individuals.

One of the most common scam emails we’ve seen is the fake ‘lottery win’ email purporting to be from FIFA’s World Cup partners. Some of the ‘winnings’ quoted – £500,000 and £1,000,000 – seem ridiculous; however, they must work, otherwise why would the scammers bother?

The reason the figure for winning is so high is that it must be attention grabbing. Who would bother to open an email if the ‘winnings’ on offer amounted to little more than your weekly shop in Tesco?

The ‘campaign’ above asks victims to download, complete and return forms detailing their name, date of birth, address, email and telephone number, alongside a small fee to cover postage, to receive their ‘winnings’. To you and me this is quite obviously a scam, whereas the victims may be blinded by the figures spoken about (both the potential winnings and the small amount payable) and take a calculated risk – one that we know won’t pay off.

Scammers are also using the World Cup in their subject lines to grab attention and sell wares unrelated to football or the World Cup. Researchers have discovered scammers using a World Cup subject line to sell that well known performance enhancing product Viagra.

Another common scam is online marketplace fraud offering World Cup tickets, travel packages or World Cup branded merchandise at a price too good to be true – the problem with this is that 9 times out of 10 it is!

These scams are typically delivered by email or through social media platforms, and if users are fooled into clicking on the ‘bargain’ they’re taken to a very well put together phishing website and asked to input their contact and payment card details.

Hackers are also taking advantage of the fact that there is a high number of people registered with their international FA’s ‘fan clubs’ by producing International Football Association (FA) Club Scams. They do this by developing emails mimicking ‘official’ communication from their FA about system security.

Playing on members’ fear of missing out on critical information about tickets and travel, members will receive emails asking for Account Verification details and be threatened with full account lock out unless these details are provided. This information, if provided, of course goes straight to the hackers to be used for new scams.

The scams mentioned above are only three examples of the hundreds of ongoing scams targeting fans of the World Cup. There are a couple of common traits that seem to crop up when we scratch beneath the surface of these.

Firstly, many of the spoof sites that have sprung up have only recently been registered and, to help allay the fears of individuals, the registered names tend to include words and phrases such as ‘worldcup’, ‘world’, ‘football’, ‘russia2018’ and ‘tournament’. One thing to look out for in these cases is unusual extensions to the link, for example russia2018.fkouk.

Secondly, to try and assure slightly more tech savvy users of the website’s validity, hackers have started purchasing cheap SSL certificates to instil an air of confidence in the site.
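The two traits above can be turned into a simple triage check for links reported by users. The following is an added example, not code from this article: the expected-suffix list, the trusted-host list, the 90-day threshold and the sample URLs are assumptions, and the registration date is assumed to come from a WHOIS lookup done elsewhere.

```python
from datetime import date
from urllib.parse import urlsplit

# Lure words the article lists as common in spoof-site names.
LURE_WORDS = ("worldcup", "world", "football", "russia2018", "tournament")
# Assumptions for this sketch: suffixes the organisation expects to see,
# hosts it already trusts, and what counts as "recently registered".
EXPECTED_SUFFIXES = {"com", "org", "net", "co.uk", "org.uk"}
TRUSTED_HOSTS = {"fifa.com", "www.fifa.com"}
RECENT_DAYS = 90


def triage(url, registered_on, today):
    """Return the warning traits a URL shows (empty list means none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host in TRUSTED_HOSTS:
        return []
    flags = []
    if any(word in host for word in LURE_WORDS):
        flags.append("lure-word")
    if not any(host.endswith("." + s) for s in EXPECTED_SUFFIXES):
        flags.append("unusual-extension")
    if registered_on is not None and (today - registered_on).days <= RECENT_DAYS:
        flags.append("recently-registered")
    # A certificate only shows the connection is encrypted, so HTTPS never
    # removes a flag; it is recorded so a padlock does not reassure reviewers.
    if flags and parts.scheme == "https":
        flags.append("https-not-a-trust-signal")
    return flags


# Constructed samples: (url, registration date, or None if not looked up).
SAMPLES = [
    ("https://russia2018.fkouk/tickets", date(2018, 5, 30)),
    ("https://www.fifa.com/worldcup/", None),
    ("http://worldcup-tournament-deals.example.com/offer", date(2018, 6, 1)),
    ("https://example.org/news", date(2001, 3, 14)),
]

if __name__ == "__main__":
    today = date(2018, 6, 26)
    for url, registered in SAMPLES:
        print(url, triage(url, registered, today))
```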

The exposure of the internet and email as a form of communication to such a vast number of people, 99% of whom aren’t immersed within the Information Security community like ourselves, means that the chances of these fraudulent emails being successful are a lot higher than you would think. I bet we can all think of one or two people in our immediate friends and family circle who quite possibly could fall for this type of scam. I know I can.