Phishing Operations Target Sports Fans, Consumers

June 20, 2018

 

Two phishing campaigns have been targeting fans of both the FIFA World Cup and one of its longtime partners, Adidas. One campaign tries to entice victims into clicking on a malicious link under the guise of downloading a World Cup match schedule and a result tracker, while the second promises a “free” $50-per-month payment for Adidas shoes.

Today Check Point announced that it has found a new phishing campaign tied to the start of the World Cup that targets soccer fans. Embedded in the attachment is DownloaderGuide, a known piece of malware that is regularly used to install potentially unwanted programs (PUPs) such as toolbars, adware or system optimizers. Researchers found nine different executable files delivered in emails with the subject: “World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager.”

First found on 30 May, the campaign peaked on 5 June, Check Point said, but has re-emerged since the start of the games. “Events that entice massive amounts of general interest are viewed by cyber-criminals as a golden chance to start new promotions,” Maya Horowitz, Check Point’s threat intelligence group manager, stated in a press release.

“With so much expectation and publicity around the World Cup, cyber-criminals are banking on workers being less cautious in opening unwanted electronic mails and attachments. As such, it is vital that companies take steps to remind their workers of safety best practices to assist in avoiding these attacks being successful,” Horowitz stated.

The second phishing campaign, which targets Adidas customers, uses a different method, luring victims with a homographic link that uses a vertical line in place of the “i” in Adidas. “The use of Punycode-based homoglyph electronic mail and web domains is an increasingly used method to deceive users in electronic mail phishing attacks,” stated Matthew Gardiner, cybersecurity specialist at Mimecast.

“Given the thousands of probable iterations of a domain that are now possible with these internationalized domain names and the thousands of accessible top-level domains that are also available, like .co, .cf, .ml and several others, there is no probability of preregistering these domains to keep them out of the hands of the bad actors. The lone sensible approach is to have automatic electronic mail safety controls to find these kinds of impersonation attacks to safeguard your business. Supposing your users to figure it out is increasingly impractical,” Gardiner stated.
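An added example (not from the article, Check Point or Mimecast) of the kind of automated check Gardiner describes: it decodes Punycode labels and folds lookalike characters before comparing each label of a sender or link domain against a protected brand name. The lookalike table, the function names and the `.example` sample domains are assumptions constructed for illustration.

```python
import unicodedata

# Partial lookalike table constructed for this example; a production control
# would load the full Unicode confusables data instead.
CONFUSABLES = {
    "\u0131": "i", "\u01c0": "i", "\u0456": "i",  # dotless i, vertical-line letter, Cyrillic i
    "l": "i", "1": "i",                           # ASCII lookalikes of "i"
    "\u0430": "a", "\u0501": "d", "\u0455": "s",  # Cyrillic a, komi de, dze
}

def decode_label(label):
    """Return the Unicode form of a DNS label, decoding Punycode if present."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: compare the raw label
    return label

def skeleton(label):
    """Fold a label for comparison: strip accents, then map lookalikes."""
    decomposed = unicodedata.normalize("NFKD", label.lower())
    base = (c for c in decomposed if not unicodedata.combining(c))
    return "".join(CONFUSABLES.get(c, c) for c in base)

def impersonated_brand(domain, brands):
    """Return the brand a domain imitates, or None if no label is a lookalike."""
    targets = {skeleton(b): b for b in brands}
    for raw in domain.lower().rstrip(".").split("."):
        label = decode_label(raw)
        brand = targets.get(skeleton(label))
        if brand is not None and label != brand:  # same shape, different characters
            return brand
    return None

def to_punycode(domain):
    """Encode a Unicode domain label by label (used only to build the samples)."""
    return ".".join(
        l if l.isascii() else "xn--" + l.encode("punycode").decode("ascii")
        for l in domain.split("."))

# Constructed sample domains; the first and third arrive as xn-- labels.
SAMPLES = [to_punycode("ad\u0131das.example"), "adldas.example",
           to_punycode("\u0430did\u0430s.example"), "adidas.example", "news.example"]

if __name__ == "__main__":
    for d in SAMPLES:
        print(d, "->", impersonated_brand(d, ["adidas"]))
```

A mail gateway or proxy rule built this way flags the first three samples and passes the last two; an exact brand name on an unfamiliar top-level domain is a separate check that this comparison does not cover.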