By : Mohamed ElKholy
Sporting events, just like any major events, are a fine bait for users with cyber fraud surrounding races, football championships and other sports flourishing in the past few years. While usually phishing and various spam activity pop up just as the event approaches or even when it is happening, there are exceptions.
The World Cup is slated for far-off in November 2022, yet cybercriminals are already using the event to target football fans and businesses alike. In the course of two months – from 15 of August to 15 of October 2021 – Kaspersky detected 11,000 fraudulent emails that used the World Cup as a lure.
The emails mostly contained fake business offers – inviting the recipients to participate in a bid for supplying the world’s biggest football event. This is a new tactic not typical of sports-related fraud. With the World Cup being a historical event and often having a major economic impact on the host countries and suppliers involved, it is clear why such a lure could be deemed effective.
Examples of spam-emails inviting the recipients to a fake tender
Other emails were targeting regular users from various countries, claiming that they have been selected to participate in an exclusive giveaway or receive an amount from a fund created in the name of the World Cup.
In both cases, most likely, the recipients would have been asked to pay a small commission to take part in the bidding or giveaway, with no results ever coming forth. In some examples we have seen, the users were offered to fill out the form.
Some of the spam emails detected also contained malicious attachments. Besides emails, users also downloaded malicious documents from the Internet. Kaspersky detected a total of 625 attempts to infect users with files named after the World Cup in 2021.
The majority (97%) of attacks were carried out using hoax Word documents that contained false information, most often inviting users to share their personal data. Other threats included AdWare, which produces invasive advertising, Trojan password stealers, which are capable of gathering login info to different devices and Trojans – programs that can carry out various tasks on an infected device remotely.
The recipients of this Hoax Word document were invited to share their personal information in order to claim their prize, while in fact they were simply giving their information away.
“The excitement around major events – especially the ones taking place offline, is exploited by scammers on a regular basis to gather personal information and money from users. We see fraudsters trying to profit from events long before they happen and the World Cup serves as a prime example of this trend.
It is over a year until the championship kicks off in Qatar, and yet, cybercriminals are already jumping on this topic with new tactics targeting businesses in particular. We anticipate that, as we near the event, there will only be more schemes that try to exploit the World Championship.
We encourage users to be attentive when they receive offers that seem too good to be true and carefully check the validity of the messages they receive,” comments Tatyana Shcherbakova, Security Expert at Kaspersky.
To avoid falling victim to a scam, Kaspersky advises users to:
· Check the sender’s address. Most spam comes from email addresses that don’t make sense or appear as gibberish – for example, amazondeals@tX94002222aitx2.com or similar. By hovering over the sender's name, which itself may be spelled oddly, you can see the full email address. If you’re not sure if an email address is legitimate or not, you can put it into a search engine it to check.
· Consider what kind of information is being requested. Legitimate companies don’t contact you out of the blue via unsolicited emails to ask you for personal information such as banking or credit card details, Social Security number and so on. In general, unsolicited messages telling you to 'verify account details' or 'update your account information’ should be treated with caution.
· Be wary if the message is creating a sense of urgency. Spammers often try to apply pressure by creating a sense of urgency. For example, the subject line may contain words like “urgent” or “immediate action required” – to pressure you into acting.
· Grammar and spell check is an effective way to identify a scammer. Typos and bad grammar are red flags. So, too, are odd phrasing or unusual syntax, which might result from the email being translated back and forth through a translator several times.
· Use a reliable security solution, such as Kaspersky Security Cloud, that identifies malicious attachments and blocks phishing sites
To avoid falling victim to spam or phishing emails, Kaspersky recommends organizations to:
· Provide your staff with basic cybersecurity hygiene training. Conduct a simulated phishing attack to ensure that they know how to distinguish phishing emails
· Use a protection solution for endpoints and mail servers with anti-phishing capabilities, such as Kaspersky Endpoint Security for Business, to decrease the chance of infection through a phishing email.
· If using Microsoft 365 cloud service, don’t forget to protect it too. Kaspersky Security for Microsoft Office 365 has a dedicated anti-spam and anti-phishing as well as protection for SharePoint, Teams and OneDrive apps for secure business communications.