How to avoid a security own goal during the World Cup

Whether you’re a die-hard fan or only ever watch the odd international match, many of us enjoy the excitement around the World Cup: no one more so than cyber criminals who see popular events like this as their ticket to a quick profit.

From emails sharing a video of that injury to an app to track your team’s progress – the opportunities for attackers to steal data and compromise devices are everywhere. So what should you be on the lookout for and how can you stay safe?

Phishing

This includes lottery entries and competitions with links directing users to videos of exciting moments: cyber criminals will try a range of lures to encourage people to part with personal details or open attachments and web pages hiding banking or cryptocurrency mining malware. Researchers at one anti-virus company have already reported a spike in World Cup related phishing and this is likely to continue throughout the tournament. 

Watering Holes

In a watering hole attack, a website is compromised and used to serve up malware to site visitors, exploiting a wide array of vulnerabilities in order to avoid detection by security tools. Creating such a website – for example, with a topical theme such as the World Cup – is an effective way of infecting victims. This technique is commonly used by advanced threat groups in order to introduce espionage malware into a target network.

Malvertising

These online advertisements are used to spread malware, either by downloading when clicked or by redirecting users to a site hosting the payload. Alternatively, vulnerabilities in popular multimedia applications are exploited, allowing malware to be downloaded without any interaction. As users are expecting to see World Cup advertising they are less likely to be cautious when following links.

Fraudulent Apps

Following your team’s progress has never been easier, with a range of smartphone apps that will push notifications for all the action. Users will often search for new applications, some of which may be fraudulent and used to harvest confidential information and install malware, including banking Trojans and spyware.

These threats are faced by individuals and companies alike. Employees accessing World Cup information through corporate devices and networks can result in increased malware incidents, resulting in financial losses, both for affected individuals and organisations.

Prudent security measures include:

• Providing staff with links to legitimate and trusted online resources to check for updates without putting the organisation at risk.
• Exercising caution when opening attachments and clicking on links received by email, particularly if they are unexpected or from an unknown sender.
• Ensuring anti-virus programs are up-to-date and heed browser security warnings when visiting websites, even those you’ve visited before.
• Using an ad-blocker to avoid compromised advertisements.
• Using only legitimate marketplaces to install mobile apps and consider using anti-virus on mobile devices.

Most of all, be cautious.

If it looks too good to be true, sadly, it probably is.