The FIFA World Cup has been targeted by cyber attacks which threaten the tournament.
For the wary fan the key thing is not to become a victim yourself, so here are the seven biggest threats to customers and companies alike during the Brazilian tournament.
1) Ticket scamming
Customers of a Brazilian ticket website were treated to fake raffle emails linking them to Trojan files, in a scam discovered by security firm Trend Micro. What was impressive about the messages is that they contained many customer details, including addresses, gender and birth dates – although the ticket vendors insist it did not come from their system.
"Banking Trojans are popular in the Latin American region so this threat seems rather timely considering the World Cup fever," said Fernando Mercês, senior threat researcher at Trend Micro. He added that the Brazilian legal framework on data protection is pretty lax, with companies not even obliged to inform their customers about data breaches. As such customers must be sure to check where they are surfing is legitimate.
2) Phishing
Some techniques never go out of style, and phishing is just one classic that is being reused for the World Cup. Security firm Kaspersky discovered several Brazilian phishers registering domain names for branded credit companies and online stores, before sticking up a professional looking website and even purchasing verified SSL certificates.
"Brazilian cybercriminals are taking advantage of the fact that it so easy to buy SSL certificates," said Fabio Assolini, Kaspersky lab expert. "If you are planning to travel to Brazil for the World Cup or following it online, be secure – don’t trust any messages you receive, and double-check before clicking links."
3) Malvertising and spam
Readers of CBR will be used to reports of malvertising, in which unknowing customers are sent to sites that download malware onto their computer, often without them clicking anything besides the advert. Unsurprisingly security firms Symantec and Trustwave have already spotted a couple of campaigns to this end, with a prominent example being posted on Brazilian sports publication Lance.
Content from our partners
Satnam Narang, a security response manager at Symantec, said: "The most common scam around the World Cup involves free tickets. After all, what fan would not want an all-expenses paid trip to Brazil?" He warned fans of the dangers of free streaming services circulating on social networks, another potential line of attack.
4) Anonymous "malware trap"
In an interview with Reuters an alleged member of Anonymous known as Che Commodore outlined some of the group’s plans for the World Cup, with threats levelled against Coca-Cola, Sony, McDonalds, Visa and Adidas. "We have already conducted late-night tests to see which of the sites are more vulnerable. We have a plan of attack," he said.
This led Ashish Patel of security firm McAfee to speculate that Anonymous had already laid a "malware trap" for many of the firms by penetrating company networks and setting up viruses that will be deployed later. As it is commonplace for companies to take weeks and sometimes months to spot breaches, this is entirely plausible.
5) Football apps
The London Olympics saw a number of malicious apps emerge to try to capitalise on the sporting hype. In that same vein Avast found a selection of apps from a mysterious developer called VinoSports, including Corner Kick World Cup 2014, lightweight at only 1MB. "What kind of game can you expect from an app this size?" asked Filip Chytry of security firm Avast.
"Apps that access more information from your phone than they need to function seem harmless, especially since there is no visible evidence of this happening, but they can cause more harm than you may think," he added. The firm warns users not to download apps from unofficial sources, and compare the functions of apps to the permissions they request.
6) Insecure Wireless
Data roaming charges being so high, many travellers prefer to use free wireless connections to communicate, a potential goldmine for the eager hacker. Security firm Kaspersky decided to take a drive around Sao Paulo, the venue for the first game between Brazil and Croatia, to see how safe it was.
"After analyzing more than 5000 different access points, we found that at least 53% of them have the WPA2 authentication, which is good," said Dmitry Bestuzhev, a lab expert from the firm. "However the really worry comes from the fact that 26% of all networks are completely open and don’t use any encryption." The best practice is to use wireless guardedly.
7) Card fraud
Hackers tend to be motivated by profit, as was revealed by Verizon’s latest big report on cyber crime. The prospect of thousands of tourists drawing money from cash points and paying by credit cards will likely prove too much for many to resist, especially since the Brazilian central bank say cards count for 70% of payments within the country.
Tourists are advised not to hand their cards to staff, but ask for the terminal to be brought to you instead, reducing the risk of card cloning. It is also best to check your card statement carefully while travelling, as malware installed on point-of-sales devices can also be used to defraud you. Those using cash points should also be wary of card skimmers, covering their hand when entering PINs as a safety measure.
