Cyber Criminals Use Suarez Lure for World Cup Phishing


Trying to cash in on the ongoing football World Cup frenzy, cyber criminals have set up a phishing webpage that imitates the official FIFA website, according to Russian cyber security solutions provider Kaspersky.
As Firstpost.com reported, phishing is a form of Internet fraud in which criminals create a fake copy of a popular site (an email service, an Internet banking website, a social networking site) and lure users to these rogue web pages, where they unsuspectingly enter their log-in information.
Kaspersky noted that cyber criminals used the ban imposed by FIFA on controversial Uruguayan forward Luis Suarez for the phishing activities. Suarez was banned for biting Italian defender Giorgio Chiellini.
The web page imitates the official FIFA website and prompts visitors to sign a petition in defence of Suarez. Fans who are unhappy about the Uruguayan’s disqualification and add their details to the petition could potentially end up on a spam mailing list, receive a malicious attachment or even be subjected to a targeted attack, the firm said in a statement.
“The phishing page matches the design of the official website and all links on it redirect users to FIFA’s official site, www.fifa.com. The phishing domain was created on June 27, 2014,” it said.
To sign the petition, the user needs to fill in a form by entering his or her name, country of residence, mobile phone number and email address. After filling out the ‘petition’ form, victims are encouraged to share a link to the page with their friends on Facebook.
“Unsuspecting fans shared links to the fake petition on their Facebook pages. This enabled the phishing link to spread widely across Facebook in just a couple of days. Messages with links to the phishing page were also seen on dedicated forums, which is probably how users originally reached the offending page,” Kaspersky said.
According to the Whois database, the phishing domain was registered in the name of a person residing in London. The data collection form was created using Google Docs.
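A defender-side check for the pattern described above (a page hosted off the brand's domain whose links all lead to the official site while its form submits to a hosted form service), added here as an example and not taken from Kaspersky or Firstpost. The host petition.example, the form ID, the sample markup and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosted form services worth flagging; the article names Google Docs.
FORM_SERVICE_HOSTS = {"docs.google.com"}

class _Collector(HTMLParser):
    # Collects hosts of links and of form targets (form action, iframe src).
    def __init__(self):
        super().__init__()
        self.link_hosts, self.form_hosts = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.link_hosts.append(urlparse(a["href"]).hostname)
        elif tag == "form" and a.get("action"):
            self.form_hosts.append(urlparse(a["action"]).hostname)
        elif tag == "iframe" and a.get("src"):
            self.form_hosts.append(urlparse(a["src"]).hostname)

def _in_domain(host, domain):
    return host is not None and (host == domain or host.endswith("." + domain))

def lookalike_findings(html, page_host, brand_domain):
    """Findings for a page that borrows a brand's links but collects data elsewhere."""
    if _in_domain(page_host, brand_domain):
        return []  # served from the brand's own domain
    c = _Collector()
    c.feed(html)
    findings = []
    # Relative links have no host and are ignored.
    external = [h for h in c.link_hosts if h is not None and h != page_host]
    if external and all(_in_domain(h, brand_domain) for h in external):
        findings.append("all-outbound-links-point-to-brand")
    if any(h in FORM_SERVICE_HOSTS for h in c.form_hosts):
        findings.append("data-collected-via-hosted-form-service")
    return findings

# Constructed sample page; petition.example and the form path are placeholders.
SAMPLE = """
<a href="http://www.fifa.com/worldcup/">World Cup</a>
<a href="/petition">Sign</a>
<form action="https://docs.google.com/forms/d/CONSTRUCTED_ID/formResponse" method="post">
  <input name="name"><input name="country"><input name="phone"><input name="email">
</form>
"""

if __name__ == "__main__":
    print(lookalike_findings(SAMPLE, "petition.example", "fifa.com"))
```

Either finding alone is weak evidence; together with a recently created domain, as in this case, they justify manual review of the page.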
“Armed with users’ email addresses and telephone numbers, cyber criminals can conduct targeted attacks involving banking Trojans for computers and mobile devices. This technique is used to get round two-factor authentication in online banking systems in cases where a one-time password is sent via SMS,” Kaspersky Lab Content Analyst Nadezhda Demidova said.
Source: firstpost.com