The 2014 FIFA World Cup's official kickoff is later today (June 12) in São Paulo, Brazil, but for cybercriminals, the game is already on. Worldwide soccer madness is the perfect bait to get unsuspecting Internet users to click on spam or download disguised malware, so be on the lookout for suspicious-looking Web pages or online deals that'll turn you from a "soccer fan" into a "sucker fan."
For example, we've already found several websites that claim to livestream World Cup games, but ask users to download a "video player" or a "Java update" in order to view it. This is a classic malware scam — do not fall for it!
Many of these fake download scams appear in "World Cup"-related search results. Tokyo, Japan-based security company Trend Micro has detected a file called "World Cup Streaming 2014.exe" which is actually a malware backdoor, a means by which other people can remotely seize control of your system and infect it with yet more malware.
Trend Micro has also identified a supposed key generator, a piece of software for generating new product keys that let people view FIFA's official streaming content without actually paying for it. But this key generator is actually a piece of adware called "ADW_INSTALLREX."
A variation of this scam will ask soccer fans to pay online via Paypal or Moneybooks to view World Cup livestreams. We haven't checked every single instance of this setup, but the vast majority are likely to be scams. Here's an example of an unofficial site that promises access to World Cup footage for a fee:
It's not just streaming scams: Watch your email inbox for emails claiming you've won free tickets to the World Cup. In these "phishing" emails, cybercriminals use the World Cup as bait to get users to open malicious email attachments or click bad links.
"Scammers know a dream come true is hard to pass up," writes security expert Satnam Narang of Symantec in a company blog post.
Sometimes phishing emails contain links to pages that promise streaming content or things like raffles or contests. These legitimate-seeming pages will ask for users' credit-card numbers and other personal information, then never deliver on the initial promise.
Another email-based strategy is to send messages containing fake news about a specific game, team or player. Symantec has noticed a significant number of emails circulating about Brazillian soccer star Neymar da Silva Santos Júnior. His many fans might find it hard to resist an email with the subject "Whta do you think about Neymar" (even though the typo should have been your first warning), or even open an attachment in that email called "Neymar Win.docx."
But misspellings, strange document attachments and vague promises of news or drama are all serious warning signs that you're dealing with spam. To find Neymar news, Google him. Don't click any Neymar-related links — or any links at all, really — in strange emails.
Basically, if something seems too good to be true, it probably is. Don't give out your credit-card number or other online-payment information to websites you can't verify, and, as always, don't click on suspicious links or attachments in strange emails. And if you need to watch the matches online, here's our guide on how to stream the World Cup.
- Best Antivirus Software 2014
- Best Android Antivirus Software 2014
- 7 Ways to Lock Down Your Online Privacy
- Sports & Recreation