Major sporting events, especially the FIFA World Cup, bring with them an astronomical amount of attention worldwide. It only makes sense with soccer being the top sport globally that this attention can be tantalizing to criminals as well. There are many different types of scams that emerge during major sporting events, and phishing campaigns are absolutely a part of this threat landscape. As reported in a blog post by researchers at Check Point, it was detailed how cybercriminals are leveraging World Cup fever to their advantage via phishing emails. The World Cup phishing campaign specifically focuses on the overwhelming amount of confusion that follows typically from trying to find all of the different match fixtures for the World Cup telecasts. Banking on this confusion, threat actors are sending out phishing emails with an attachment claiming to be a schedule for upcoming matches.
The attachment is labeled as “World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager,” but instead, according to Check Point, it is a malicious attachment. Once the attachment is downloaded, a malware variant called “DownloaderGuide” is installed on the victim’s machine. Check Point describes DownloaderGuide as “a known downloader of potentially unwanted programs (PUPs) that is most commonly used as an installer for applications such as toolbars, adware or system optimizers.”
It may seem pretty obvious to some that opening random attachments is never a good idea, but this won’t stop many from doing so. Especially with an event like the FIFA World Cup that attracts millions from around the globe, it is simply a reality that this phishing campaign will have some measure of success. Some folks just aren’t as cautious as they should be when receiving emails (especially when it involves a topic that interests them).
The only thing that will prevent the success of the World Cup phishing campaign, much like any phishing campaign, is common sense and intelligent defensive cybersecurity measures. Don’t open emails from unknown sources, keep robust AV scanning software on your machine, and ultimately try to stay up-to-date on the most current cybersecurity scams occurring.
Well done Derek Kortepeter 🙂 keep up the good work.