Cyber criminals and other threat actors are looking to kick their activities into a higher gear as three major upcoming events provide the perfect opportunities to launch phishing and other cyber-attacks.
Don’t score an own goal this World Cup
The FIFA World Cup in Qatar starts this Sunday and threat actors will be stepping up their attempts to defraud football fans. Beware emails and text messages promising tickets, prizes and other rewards related to the tournament as chances are they are phishing attempts.
Whenever a significant event occurs threat actors seek to incorporate them into their campaigns. With the World Cup the biggest sporting event in the calendar and set to be viewed by billions it makes it the perfect event for them to try and cash in on.
A favourite tactic seen in previous World Cups are the use of domains designed to impersonate tournament sponsors and its brand. They are then used to send phishing emails or dupe visitors into clicking on malicious links.
Cyber-attacks by hacktivist and/or state sponsored groups could also be an issue with this World Cup as environmental and human rights groups could use it as an opportunity to cause disruption and spread their messages. On the state sponsored front Russian or Ukrainian hacker groups could use the tournament as a way to cause disruption and draw attention to the war in Ukraine.
Black Friday and Cyber Monday Scams
In what has become something of an annual tradition in the cyber security world are the yearly warnings over the upcoming Black Friday and Cyber Monday sales.
Both sales have become the largest online retail events of the year as people seek bargains and take advantage of substantial discounts. With the cost of living crisis we can expect to see more people than usual looking to take advantage of the sales in the run to the end of year holiday season.
A report released by the NCSC warned that its Active Cyber Defence programme identified over 4,100 online retail websites that were unknowingly hosting credit card skimmers that exploit vulnerabilities in checkout software and diverts payments and steals data. Many of these retail sites are thought to have been compromised by a well-known vulnerability in Adobe’s Magento product.
We can expect this number to have increased in recent weeks as threat actors step up their preparations for the sales and as retailers continue to fail to patch the vulnerability.
You should be wary of websites, social media pages and apps impersonating official World Cup properties as many are likely to be phishing websites designed to steal a victims details or install malware.
As with many aspects of cyber security the first stage of reducing the threat is common sense and vigilance. If you think something is too good to be true then chances are it is. Only use trusted sources and official channels for your World Cup fix and be wary of websites promising massive discounts. Attackers know that 'too good to be true' offers are excellent bait to hook in unsuspecting shoppers.
Be aware of lookalike domains, shop from reliable retailers and keep an eye out for emails requesting password resets or other account changes that have an urgency to them. Never click a link that you do not trust and always verify that a site is legit before making a purchase.
As phishers’ tactics evolve, so should your business’ ability to detect and defend against them. Contact an Integrity360 advisor to learn more.