- City Fajr Shuruq Duhr Asr Magrib Isha
- Dubai 04:32 05:49 12:21 15:48 18:47 20:04
A tourist jokes in front of an advertisement with the portrait of Uruguay's forward Luis Suarez at Copacabana beach in Rio de Janeiro, Brazil, on June 26, 2014. (AFP)
With Brazil’s pathetic World Cup exit and Neymar’s absence still hogging the headlines, Luis Suárez could be out of the headlines for a while but that has not stopped spammers from using him to gain crucial details.
Links to a phishing page that imitates the official Fifa website prompts visitors to sign a petition in defence of Luis Suárez, the Uruguayan star who was banned for biting Italian defender Giorgio Chiellini.
Fans are asked to enter their personal details in a petition and then your email goes viral. Cybercriminals can even conduct targeted attacks involving banking Trojans for computers and mobile devices, said online security analyst Kaspersky Labs.
The petition requires a user to sign in with details such as name, country of residence, mobile phone number and email address.
The petitioner could potentially end up on a spam mailing list, on the receiving end of a malicious attachment or even subjected to a targeted attack.
The phishing page matches the design of the official website and all links on it redirect users to Fifa’s official site (www.fifa.com). The phishing domain was created on June 27, 2014. According to Kaspersky, the whois database was registered in the name of a person residing in London and the data collection form created using Google.docs.
“Armed with users’ email addresses and telephone numbers, cybercriminals can conduct targeted attacks involving banking Trojans for computers and mobile devices. This technique is used to get round two-factor authentication in online banking systems in cases where a one-time password is sent via SMS,” said Nadezhda Demidova, Content Analyst at Kaspersky Lab.
It is not just the one who signs the petition but everyone on their contact list could be affected by the attack. The link managed to spread widely across through Facebook thanks to petitioners who shared the link on the social networking site.
“Unsuspecting fans shared links to the fake petition on their Facebook pages. This enabled the phishing link to spread widely across Facebook in just a couple of days. Messages with links to the phishing page were also seen on dedicated forums, which is probably how users originally reached the offending page,” the alert said.
The Fifa World Cup related scams have been active for quite a while. In January fake letters were sent on behalf of the site copa2014.gob.br, the official contact channel of the Brazilian government for the Fifa events, and the recipient was congratulated on winning two tickets for the World Cup.
In order to print off the tickets, the user had to click the link in the message. If the user fell for the scam, a Trojan-Downloader appeared on the user’s device, which then downloaded a virus that not only used to download and launch unknown files without notification but also infects connected USB flash drives.
To make the emails appear more authentic the scammers used the World Cup logos and used what appeared to be a genuine address in the sender field.
Follow Emirates 24|7 on Google News.