The World Cup is happening now, and for all of us, whether we like football or are trying to pretend we are not interested at all, – it is very hard to ignore. Love it or hate it, we all know about it.
Unfortunately the World Cup does not mean only fun, and a few weeks of banter over who is winning the office sweepstake – it is also a great opportunity for cybercriminals to exploit it for their benefit. The truth is that although we hear a lot about unfinished stadiums, strikes on the day or lack of preparation for the event, there is less of a spotlight on the cyber security risks. This article looks at two of the main ones, phishing and man-in-the-middle attacks.
As with all major events, including natural disasters such as tsunamis, cyber criminals will try to exploit it to create tailored phishing scams that are likely to land in your inbox. Gone are the days of badly spelt, poorly written phishing emails. These days, they are well designed, pretty sophisticated and your email provider may not flag the messages as spam. For example, you may receive an email saying that you have won a World Cup game ticket – just click and register. If you click and register there is a good chance you may have installed the latest version of a malware, trojan or virus, putting your digital assets at risk. Click here for an annotated example of a potential phishing email.
People out and about in public places want to remain connected and often search for available WiFi access points, even better if they are free. Cyber criminals use this behaviour to their advantage and create malicious access points (e.g. named: “WorldCupFree” or “StadiumFree”) to entice you into connecting. Once you are connected, they re-route all your activities, including your precious login details and personal information through the their computer (known in security circles as a man-in-the-middle attack). In a recent study of Wi-Fi access points in Sao Paulo, Brazil, security company Kaspersky found that 26% of them were completely open without any encryption – meaning connecting to these suspicious Wifi access points could make your personal details an open goal for attackers.
But all is not lost! There are things you can do to reduce your chances of falling victim to a phishing or man-in-the-middle attack, such as:
• avoid opening e-mail attachments from unknown senders. Always verify that the sender address is genuine
• check that there is a locked padlock symbol in your browser window when you are on the login pages organisations such as your bank. This means the connection is being encrypted. Note that the beginning of this type of internet addresses will also change from ‘http’ to ‘https’ when a secure connection is made
• always double check the URL where you navigate to
• install up-to-date antivirus software if you use WiFi in public places, regardless of whether you are using a smartphone, tablet or laptop
• remember that not all public WiFi is encrypted – even if you are asked for a password. Think twice before accessing sensitive data (e.g. your bank account) while connected through a public network
• always ask the venue for legitimate names of their public WiFi networks.
Even in the world of cyber, the old adage is true ….. If it looks too good to be true, then it probably is!. Enjoy the World Cup and stay cyber safe!
Regular penetration tests can help you to protect your environments against man-in-the-middle attacks, for more information, please email firstname.lastname@example.org or call us on 0870 600 1667.