Security researchers at Check Point have uncovered a World Cup wallchart phishing scam that is being used to deliver malware to soccer fans’ devices.
The campaign involves specially crafted email messages with the subject line:
World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager.
Email recipients are encouraged to open and install a malicious FIFA World Cup schedule and results checker that is attached to the email. The email recipients are told that the attachment will allow soccer fans to easily keep track of the games and the results.
However, the email attachment delivers far more than the message suggests. Opening the email attachment will install a malware variant called DownloaderGuide, which in turn will install a variety of malicious software. DownloaderGuide is often used in phishing campaigns to spread adware, install toolbars, system optimizers and other unwanted programs. Check Point researchers identified several messages that are being used in the campaign, with a variety of different executable files attached to the email.
The phishing campaign was first detected on May 30, 2018, although now the World Cup has started the volume of malicious messages has increased considerably.
This is one campaign of many targeting World Cup fans. There have already been many World Cup phishing campaigns already detected that aim to steal credentials or fool soccer fans into installing malware or ransomware.
Any major sporting event sees phishers and other cybercriminals take advantage, and events as massive as the World Cup even more so. Billions of people will be watching the tournament, with an estimated 3.2 billion people having watched the 2014 World Cup final.
With so many soccer fans keen to see the games on TV and follow World Cup news, and an estimated 5 million fans travelling to Russia to see the games live, World Cup themed phishing attacks and other World Cup scams are understandably rife.
With the soccer tournament continuing until mid-July, there are likely to be many more campaigns launched over the coming days.
Soccer fans should therefore be extremely vigilant and follow security best practices to avoid becoming a victim of one of these attacks. Those best practices include:
- Never opening an email attachment from an unknown individual
- Never clicking hyperlinks sent in emails from unknown senders
- Never disclosing sensitive information on World-Cup themed websites
- Stop and think about any email request and consider that it could be a scam
- Beware of fake websites with offers that seem too good to be true
- If considering purchasing a ticket for a match, only use the official FIFA website
- Ensure your operating system and all software – including browsers and browser plugins – fully up to date
- Ensure AV software is installed and is set to update automatically
- Take care when connecting to Wi-Fi networks, especially in Russia. Insecure hotspots allow man-in-the-middle attacks to take place and many fake hotspots are expected to be set up to catch out the unwary
- If visiting Russia for the games, consider leaving portable electronic devices at home. If that is not possible, ensure they are not configured to connect to Wi-Fi networks automatically