Symantec Security Response has observed phishers showing their interest in the 2014 FIFA World Cup, football celebrities and football clubs. Scam for LIONEL MESSI Fans and Scam for FC Barcelona are good examples of phishers using football celebrities and football clubs.
By choosing celebrities with a huge fan base, it offers the largest amount of targets which could increase their chances of harvesting user credentials. The trend continued in April 2013 with phishers using the same strategy. The phishing sites were in French on a free web hosting site.
The phishing sites prompted users to enter their Facebook login credentials on pages designed to profile Lionel Messi, FC Barcelona, or Cristiano Ronaldo. The phishing pages contained images of Lionel Messi, FC Barcelona, Cristiano Ronaldo and tried to create the false impression that they were the official Facebook page for either Messi, FC Barcelona or Ronaldo.
Some of the fake sites were titled “first social networking site in the world”. Users were prompted to enter their Facebook login credentials in order to connect to the Facebook page. After a user’s login credentials have been entered, users are redirected to a legitimate Lionel Messi, FC Barcelona or Cristiano Ronaldo community page to create the illusion of a valid login.
If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes.
Internet users are advised to follow best practices to avoid phishing attacks:
• Do not click on suspicious links in email messages
• Do not provide any personal information when answering an email
• Do not enter personal information in a pop-up page or screen
• Ensure the website is encrypted with an SSL certificate by looking for the padlock, “https”, or the green address bar when entering personal or financial information
• Use comprehensive security software such as Norton Internet Security or Norton 360, which protects you from phishing scams and social network scams
• Exercise caution when clicking on enticing links sent through email or posted on social networks
• Report fake websites and email (for Facebook, send phishing complaints to email@example.com)
For more information, please proceed to the Symantec Security Response blog post or follow us at @SymantecASEAN.