Cybercriminals bet on World Cup profits
Poisoned search engine results and phishing attacks have already been uncovered
With all eyes now on the upcoming 2010 FIFA World Cup, cybercriminals are trying to profit from the tournament in every possible way - from poisoning search engine results to taking advantage of the Visa brand, one of the tournament's six global partners.
Visa recently announced a ‘Go Fans' promotion where card holders had the chance to win a trip to South Africa to watch the 2010 World Cup matches. Cybercriminals, realising an opportunity to cash in, devised a phishing attack around Go Fans by setting up a fake website, designed to look legitimate, and asked unsuspecting users to fill in all their Visa card details in order to ‘register' for the promotion.
"Visa's security team is actively working with the appropriate organisations to shut down this site," said Symantec researcher Samir Patil. "Users are advised to refrain from clicking on unsolicited e-mail unless it is from authorised or official sources."
But that's just one type of threat that's been uncovered so far in connection with the World Cup.
"Historically, hackers have attempted to hijack traffic from popular Websites, and the FIFA World Cup will be no exception," said Derek Manky security researcher at Fortinet. He adds that social engineering attacks and email based spam are to be expected but search engine optimisation (SEO) type attacks are more worrying.
These work by getting search engines to feature malicious sites on the top set of results once a user searches for specific keywords, like match information for example.
"SEO attacks can be dangerous because they are often user-initiated, unlike many other solicited attacks seen in the wild," Manky added.