Considering the number of scams popping up that use the FIFA World Cup as part of their social engineering scheme, it would appear cybercriminals have been preparing for the tournament for as long as the teams now competing in Russia.
IBM and Check Point have each noted several scams that bank on World Cup fans simply clicking through without checking whether the messages are legitimate, even though the clues that they are being targeted for a scam are quite obvious.
IBM's X-Force came across several scams, most of them telling the recipient that they had won upwards of $1 million. In a few cases, the criminals tied that bit of subterfuge to Coca-Cola, which is an official World Cup sponsor, to help make the offer appear legitimate. The attack picked up by Check Point uses an infected World Cup app to download PUPs.
The first cybercriminal group looked at by IBM is sending out plain-text phishing emails from a Yahoo email address. The emails state that the recipient has won $1 million in a Coca-Cola sponsored lottery and that all that needs to be done to collect is to fill out and send back a form that requests some PII, according to IBM's X-Force. The email contains a variety of data points, such as the winning numbers, reference numbers, and a fake security code. It is also signed by a person who supposedly works for Coca-Cola as the fund processing manager and who will supposedly be the person to disburse the winnings.
However, when the target clicks on the URL to obtain their money they are sent to a fake Coke website.
Other emails being sent also promise a payout, with some using a FIFA domain in the sender field. Instead of becoming rich, anyone who responds is lured into an extensive email conversation with the criminal, who then tries to obtain PII or, in some cases, a small amount of money that they promise is needed in order to release the big prize.
As with the text email, each of the scams IBM spotted contains several dead giveaways that an alert person should quickly notice. In addition to reply email addresses that go to Gmail and Yahoo accounts, the text in many of the notes is stilted, with typos and punctuation errors.
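The giveaways described above can also be checked mechanically at a mail gateway. The following Python sketch is an added example, not code from IBM or Check Point; the sample messages, addresses, keyword lists and rule names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

FREE_WEBMAIL = {"gmail.com", "yahoo.com"}  # providers named in the article
BRANDS = ("coca-cola", "fifa")             # names the lures invoke
BAIT = ("lottery", "winning numbers", "security code", "won $")  # assumed list

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def giveaways(raw_message):
    """List the giveaways found in one plain-text RFC 5322 message."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0]
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    claims_brand = any(b in display.lower() or b in text for b in BRANDS)
    hits = []
    # A sponsor or FIFA "official" writing from a consumer mailbox.
    if claims_brand and from_dom in FREE_WEBMAIL:
        hits.append("brand-from-free-webmail")
    # Sender field shows one domain, but replies go to a webmail account.
    if reply_dom in FREE_WEBMAIL and reply_dom != from_dom:
        hits.append("reply-to-diverts-to-free-webmail")
    if any(k in text for k in BAIT):
        hits.append("prize-bait-wording")
    return hits

# Constructed sample messages (not real captures).
SAMPLE_LOTTERY = (
    'From: "Coca-Cola Fund Processing" <constructed.sender@yahoo.com>\n'
    "Subject: You have won $1,000,000 in the Coca-Cola lottery\n\n"
    "Your winning numbers and security code are enclosed.\n")
SAMPLE_SPOOFED = (
    'From: "FIFA Awards" <awards@fifa.example>\n'
    "Reply-To: constructed.reply@gmail.com\n"
    "Subject: World Cup payout notification\n\n"
    "Reply to this message to release your payout.\n")
SAMPLE_BENIGN = (
    "From: Alice <alice@gmail.com>\n"
    "Subject: Match tonight\n\nAre we watching the game?\n")

if __name__ == "__main__":
    for sample in (SAMPLE_LOTTERY, SAMPLE_SPOOFED, SAMPLE_BENIGN):
        print(giveaways(sample))
```

A hit is a reason to quarantine or warn, not proof of fraud; the stilted wording and typos the article mentions still need a human reader.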
Check Point also came across a phishing scheme targeting fans who are interested in keeping up with game scores from their phone. The email, which has the subject line World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager, is supposed to contain a tournament schedule along with scores. However, when opened it activates what Check Point researchers said is the malware variant called DownloaderGuide. This is a known downloader of PUPs that is most commonly used as an installer for applications such as toolbars, adware or system optimizers.