Fans targeted by phishing campaign as World Cup gets underway
As the FIFA World Cup tournament enters its second week, cybercriminals are using a phishing campaign to trick fans into opening an infected attachment.
Emails identified by Check Point attempt to lure would-be victims into downloading a schedule of fixtures and a result tracker, but doing so will prove to be an own goal.
When opened, the attachment uses a malware variant called 'DownloaderGuide,' a known downloader of potentially unwanted programs (PUPs) that is most commonly used as an installer for applications like toolbars, adware or system optimizers.
Check Point researchers have found that in total the campaign includes nine different executable files, all of which were sent in emails using the subject line 'World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager'. First spotted at the end of May, the campaign peaked on June 5; during the past week, however, it has gained new momentum as the competition has got underway.
"Events that attract huge amounts of popular interest are seen by cyber-criminals as a golden opportunity to launch new campaigns," says Check Point's threat intelligence group manager, Maya Horowitz. "With so much anticipation and hype around the World Cup, cyber-criminals are banking on employees being less vigilant in opening unsolicited emails and attachments. As such, it is critical that organizations take steps to remind their employees of security best practices to help prevent these attacks being successful."
To protect themselves from online scams during the tournament, Check Point advises fans to keep their software updated, look out for fake sites, beware of messages from unknown senders, and take care using public Wi-Fi.
Horowitz adds, "In addition to this, organizations should also take steps to ensure that phishing campaigns don't reach inboxes in the first place. This should include employing a multi-layered cybersecurity strategy that protects against both established malware families’ cyber-attacks and brand new threats and prevents it from spreading across the network in the result of the initial campaign being successful."