When I think of the World Cup, there is always one colleague that comes to mind who I am convinced plans his vacation time around this global event. In fact, this year he is flying to Chicago to watch the opener with an old friend. Personally, soccer (or football as it is known to the rest of the world) for me consists of my son’s games for the youth league in town, but for the rest of the people on this planet, it is THE sporting event to watch. Due to the World Cup being recognized and celebrated as such, it is the perfect opportunity for cyber criminals to cast their nets wide in hopes of drawing in identity theft victims.
In anticipation of the global sporting event of 2014, let’s take a look at some of the potential fraud scams for which consumers and businesses alike should be on the lookout.
- Fake mobile apps. All you need to do is go into any of the major app markets, type in World Cup 2014, and an unlimited number of options will come up in your search. While most of these apps are likely legitimate, you run a chance that it could be a rogue app that could lead you to a malicious site intended to steal your personal information. When downloading any app related to the World Cup, be cautious of things such as the types of permissions it requests and if it tries directing you to an unusual website.
- Phishing emails. There are many well-known consumer brands sponsoring the World Cup. Often, cyber criminals will attempt to abuse these brands knowing the trust that we as consumers place in them. Some of the most common scams I have seen are disguised as customer satisfaction surveys that promise a financial incentive credited directly to your bank account if you provide feedback on their product/service. Beware of fake emails purporting to be a communication from a World Cup sponsor.
- Phishing on your mobile phone. This is a threat often referred to as “smishing,” or SMS phishing. Essentially, it is a phishing message sent via text to your mobile phone. If you get any unsolicited text messages to view a video or enter a contest related to the World Cup, delete it immediately.
- Fake promotions/sweepstakes. If the subject line screams, “You won tickets to the World Cup,” or something similar, more than likely it is a phishing email trying to lure you to a site to input personal or financial information or attempt to get you to download malicious software on to your PC. Think about it: do you remember even entering a drawing to win the prize?
- Credit card theft. Whether ordering merchandise online or attending the event in person, consumers need to be aware of the various threats to their credit card information. If ordering merchandise online, try to stick to shopping at large, reputable merchants who are usually known to invest in having the strongest protections in place to protect consumer credit card data. If attending the event in person, try to use cash whenever possible to avoid the risk of credit card skimming at ATMs and Point-of-Sale (POS) terminals.
- False ticketing. Events like the World Cup are prime opportunities for cyber criminals to sell fake tickets for diehard football fans. So if you’re considering a spontaneous trip to Brazil to catch the action live and searching for last minute ticket deals, be very cautious and ensure you are buying them from a legitimate, well-known website that offers fraud protection, regardless of how good the deal is on the other website.
- Search engine poisoning. This is often called SEO poisoning where cybercriminals essentially “poison” search engines to make sure their malicious websites appear higher in the results for the most commonly searched terms. So if you are unable to catch the live action but still want to tune in to check the latest scores and developments, when using a search engine to get the most recent updates, ensure you are being directed to a website that is legitimate.
- Trojans and malicious software. Big events like the World Cup are often used as the launching pad for cybercrime campaigns designed to distribute Trojans and other malware to masses of consumers worldwide. Sometimes, the scam comes via a phishing email or on popular social networking sites (via a shortened link), and is often an invitation to view an exclusive video or behind-the-scenes footage. Once you click to view the video, it is common for the Trojan or malicious software to be disguised as an update for your Flash player or other media viewing software. So be careful of any websites that prompt you to update software. While you might think you are downloading an update to common software, you could actually be downloading a Trojan.
This is just a short list of some of the most common ploys cybercriminals are formulating in their bag of tricks to take advantage of the global popularity of the World Cup. I am not writing this with any intention to instill paranoia in consumers, but rather to raise awareness so that when you receive a suspicious email or download an app or visit a site to catch the latest World Cup developments, you will be mindful of the risks.
One final note: while we don’t want our personal or financial information compromised and will go to great lengths to protect our own exposure to identity theft, we often forget how we could be putting our employers at risk. Now don’t pretend like you aren’t going to be monitoring the scores in between your daily meetings. If you are passionate about the World Cup like my colleague I mentioned in the opening, you will be doing so. And just as you wouldn’t want to have a Trojan on your personal PC, be thoughtful about what you do while at work as well because that same Trojan that hungers for your bank account number is likely also capable of stealing proprietary corporate data.
Find out your identity risk score today. Take the challenge.
For all the latest cybercrime developments, visit www.emc.com/onlinefraud today.