The final whistle has blown at football’s 2010 World Cup and while Spanish/Dutch fans bask in the reflected glory of their team’s victory, cyber sleuths have their magnifying glasses trained on identifying online criminal activity and trends directly related to the tournament.
 
2010 has, according to Kevin Hogan, senior director, development at Symantec, confirmed a shift over the past three years from criminals using sex as a lure to entrap unwary online users to a focus on news related to major global events.

“What we’re seeing are variations of the age-old social engineering scams,” he said.

“Where cybercriminals once used people’s interest in sex to trick them into opening spam e-mails or clicking on malware infected sites, today the trend is to exploit our fascination with celebrities, global news and sports.”
 
Perhaps the most prolific offenders are the e-mail spammers, with millions of fans being targeted in the run-up to and during the World Cup. Security researchers identified countless messages with a 2010 or football theme that proved to be thinly disguised links to shady merchant sites.
 
Symantec’s July “State of Spam and Phishing” report reveals that the volume of messages with World Cup keywords in the subject line is more than nine times higher during this tournament compared to Germany 2006.

There’s also been a substantial increase in gaming sites and betting brands that have been ‘spoofed’ to capitalise on the popularity of the World Cup.
 
“We’ve also seen a marked spike in the number of World Cup-related 419 or advance fee frauds where users are informed they have won a sum of money in a lottery and tricked into paying an advance fee or deposit to claim their prize,” said Hogan.

“The latter are generally quick, ‘take your money and scarper’ scams and, therefore, it is difficult to track down the criminals. While it’s virtually impossible to estimate the profits made in these simple scams, the fact that they continue to proliferate leads one to assume they must be extremely lucrative.”
 
2010 also marked the first time that football fans were able to make use of social networks to boost their experience.

This led to an unprecedented surge in Internet usage during the tournament. Comments Hogan: “We’ve noticed a definite increase in malicious activity around social networking sites as cybercriminals moved to exploit their increasing popularity among football fans.
 
“Interestingly, this activity was far higher than that recorded during the Winter Olympics held just a few months earlier. While it’s hard to quantify the reason for this, the current best thinking puts it down to the differing demographics of the two events,” continued Hogan.
 
Search engine optimisation (SEO) poisoning where cybercriminals use popular search terms to push their infected sites higher in the rankings of popular engines also experienced a surge during the World Cup: “This has become a common method for the distribution of fake security software and the Symantec Security Response team has seen a major increase in the number of counterfeit topics being identified - from one every couple of days to one every couple of hours!” said Hogan.
 
Finally, 2010 saw a small increase in the average number of targeted, malicious e-mail attacks.

Cited by experts as the most damaging type of Internet threat, a targeted attack is designed to target a specific individual or organisation.
 
Targeted attacks often use legitimate details in the e-mail, but urge recipients to open a malicious attachment, which will compromise their PC or network in some way.
 
“Targeted attacks are very different to the other common scams in that the attackers often do not know exactly what they’re looking for but target specific persons in an organisation who they believe have access to information that could be of value,” Hogan commented.

“As such, these are less likely to rely on sporting events as a social engineering hook, but could be disguised as financial or stock market reports that could interest a chief financial officer, for instance.”
 
That said, in June, Symantec identified a run of 45 World Cup-related, targeted malware e-mails en route to a number of Brazilian companies, including chemical, manufacturing, and finance firms.
 
“One thing that has become clear during the2010 World Cup is that fans who employed legitimate, updated security software have enjoyed a high measure of protection against all the above-mentioned malicious activities,” concludes Hogan.

“It’s unlikely, however, that malicious activity surrounding the event will die down for a while yet, so football fans are advised to continue to exercise caution online.”