FIFA World Cup 2014 fan alert from Kaspersky
2014-07-10
Kaspersky Lab experts have encountered a curious method for spreading links to a phishing page that aims to harvest users’ personal data. The web page imitates the official FIFA website and prompts visitors to sign a petition in defense of Luis Suárez, a forward for the Uruguayan national team who was recently hit with a ban and a fine for biting the shoulder of Italian defender Giorgio Chiellini. Those fans unhappy about the Uruguayan’s disqualification who add their details to the petition could potentially end up on a spam mailing list, on the receiving end of a malicious attachment or even subjected to a targeted attack.
The phishing page matches the design of the official website and all links on it redirect users to FIFA’s official site, www.fifa.com. The phishing domain was created on June 27, 2014. According to the whois database, it was registered in the name of a person residing in London. The data collection form was created using Google Docs.
“Armed with users’ email addresses and telephone numbers, cybercriminals can conduct targeted attacks involving banking Trojans for computers and mobile devices. This technique is used to get round two-factor authentication in online banking systems in cases where a one-time password is sent via SMS,” commented Nadezhda Demidova, Content Analyst at Kaspersky Lab.
To sign the petition, the user needs to fill out a form, entering his or her name, country of residence, mobile phone number and email address. After filling out the ‘petition’ form, victims were encouraged to share a link to the page with their friends on Facebook. Unsuspecting fans shared links to the fake petition on their Facebook pages. This enabled the phishing link to spread widely across Facebook in just a couple of days. Messages with links to the phishing page were also seen on dedicated forums, which is probably how users originally reached the offending page.