March 17, 2014
The ESET Latin America Research Laboratory detected a phishing campaign that offers a false contest to witness the championship matches
The 2014 Soccer World Cup, which will be held in June in Brazil, is getting closer and closer and cybercriminals are already taking advantage of its massiveness to deceive users in the region. The ESET Latin America Research Laboratory has detected a phishing campaign that, through a fake email, presents a contest for 2,000 people to attend the “game of their lives”.
Upon entering the “PARTICIPATE” section, a registration screen requests the user’s personal data to be part of the contest; interestingly, the information requested includes bank credentials.
Like any other phishing campaign, it seeks to reach as many users as possible by taking advantage of the popularity of an event or service, in this case the World Cup.
Although visually it seems real, the access address in the image does not appear to be true. When clicked, you are redirected to a site that appears to be from a well-known technology company, but the URL does not use HTTPS.
It is important to note that the renowned technology company that this phishing falsifies actually has a raffle where it intends to raffle 2,000 entries to the World Cup, which is available on its official site. However, this does not require bank credentials.
“It is always good to take into account what type of information they ask us when participating in a contest: we should not give a credit card to do it, since only a contact such as telephone or e-mail is enough”, said Raphael Labaca Castro, Coordinator of Awareness & Research at ESET Latin America. And he added: “Less than 100 days after the soccer World Cup begins in Brazil, there are more and more threats that take advantage of this issue. Since the host country is well known for its passion for soccer, Brazilian users are more exposed to these deceptions because the search for tickets and information increases every day ”.
The expert also recommended “paying close attention to the sites accessed and using an updated security solution, so that in cases like this it blocks access to the fraudulent site.”
[+] Videos de nuestro canal de YouTube