Two new phishing campaigns have emerged in recent weeks due to the start of the 2018 FIFA World Cup. Bad actors are targeting fans of the hugely popular World Cup and one of its long-time partners and sponsors, Adidas. One campaign disguises itself as an interactive World Cup schedule that tracks game results in real time, while the other falsely promises a free $50-per-month subscription for new Adidas sneakers.
A World Cup Phishing Campaign
First identified on May 30 by the security firm Check Point, this phishing campaign peaked around June 5 and has since begun to reappear now that the World Cup games have started. The campaign uses ‘Downloader Guide’, a well-known type of malware typically used to deliver PUPs, adware, and toolbars.
Emails with the subject line: “World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager” invite recipients to download an attachment that supposedly contains an interactive World Cup schedule. Researchers found 9 different malicious executable files embedded within the attachment.
Adidas Fans Beware
The other phishing campaign targets Adidas fans using a trick that is common among hackers nowadays: masquerading as a legitimate company or brand by creating a link that appears to be from an accredited website. These emails deceptively appear to be from Adidas and contain a link using a vertical line instead of the “i” in Adidas. Prospective victims are encouraged to click the link to receive a free $50-per-month subscription towards Adidas shoes.
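A mail filter can catch this kind of look-alike link by folding confusable characters back to the letter they imitate and comparing the result with the brand name. The Python sketch below is an added example, not code from Check Point or from the campaign itself; the character map, the brand list and the sample URLs are constructed assumptions, since the report does not say which "vertical line" character was used.

```python
from urllib.parse import urlsplit

# Constructed, non-exhaustive map of characters that can pass for a
# lowercase "i" at a glance (assumption: the exact character used in
# the campaign is not stated in the report).
LOOKS_LIKE_I = {
    "l": "i",       # lowercase L
    "1": "i",       # digit one
    "|": "i",       # ASCII vertical bar
    "\u0131": "i",  # Latin dotless i
    "\u01c0": "i",  # Latin dental click
    "\u0456": "i",  # Cyrillic i
    "\u04cf": "i",  # Cyrillic palochka
}
PROTECTED_BRANDS = {"adidas"}  # brands the filter watches for


def decode_label(label):
    """Turn a punycode (xn--) host label back into Unicode, if possible."""
    if not label.startswith("xn--"):
        return label
    try:
        return label[4:].encode("ascii").decode("punycode")
    except UnicodeError:
        return label


def skeleton(text):
    """Fold every look-alike character to the letter it imitates."""
    return "".join(LOOKS_LIKE_I.get(ch, ch) for ch in text.lower())


def lookalike_brands(url, brands=PROTECTED_BRANDS):
    """Return brands that a host label imitates without matching exactly."""
    host = urlsplit(url).hostname or ""
    hits = set()
    for label in host.split("."):
        shown = decode_label(label)
        for brand in brands:
            if shown != brand and skeleton(shown) == skeleton(brand):
                hits.add(brand)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample links, not taken from the real campaign.
    for url in ("https://www.adidas.com/", "http://ad|das.example/free"):
        print(url, "->", lookalike_brands(url) or "no look-alike found")
```

Every host label is checked, so a brand imitation placed in a subdomain is flagged as well as one in the registered domain.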
Why the World Cup?
Cyber criminals love to launch malicious campaigns around big sporting events because they garner huge amounts of popular interest, and it doesn’t get much bigger on a global scale than the World Cup.
Hackers are hoping to capitalize on sports fans’ excitement and catch end-users with their guard down. In fact, it’s not just phishing campaigns; various fake and malicious websites, giveaways, and tickets have been reported in connection with the World Cup.
How to Protect Yourself From Online Phishing Schemes
Phishing attacks are becoming more and more sophisticated, so it is important to implement several layers of protection. On an individual basis, always ensure software is updated, keep an eye out for suspicious emails, and never click a link if you have even the tiniest doubt regarding its validity.
From an organizational standpoint, companies should put in place automated email security controls that can stop malicious emails from ever reaching employees’ inboxes. Multi-layered security strategies can also mitigate the damage done by a phishing attack if the initial campaign successfully infiltrates your network.
Protecting Your Network
JDL Group can help you put in place the right cyber security measures for you and your organization. If you want to learn more about protecting yourself and your employees from phishing campaigns, check out our free anti-phishing toolkit.