World Cup super scorers — spammers, phishers, hackers

The World Cup final may have elicited the most penalty cards ever issued by a referee in the championship game, but FIFA’s 2010 tournament also boasts another record for fouls of a different type.

Spammers, phishers, and hackers of every breed attempted to exploit interest in the world’s premier soccer tournament.

The volume of spam e-mail messages associated with World Cup keywords in the subject line were more than nine times higher that what we witnessed during the 2006 World Cup, Symantec Corp. reports.

The security vendor released its findings July 9 in its monthly State of Spam & Phishing report.

Spammers have changed tactics over the past four years, and now deceive potential victims by using current events and news items in e-mail subject lines, says Eric Park, anti-spam analyst with Symantec.

Related stories

World Cup-related scams

The Last Throes of Traditional Anti-Virus Software

“In 2006, they did not trick anyone. They were just very up front and straight up about it,” he says. “As users got more savvy and anti-spam products got better, they decided that method no longer works.”

In June, of the top 10 subject lines in spam messages, eight of them were related to the World Cup. The most-used line was “FIFA World Cup South Africa… bad news.” Other headlines refer to game outcomes with real scores such as “Germany beats England 4-1 in World Cup”, and a non-existent lottery related to the World Cup.

Using misleading headlines has proven popular among spammers because it works, says James Quin, lead analyst at London, Ont.-based Info-Tech Research Group.

“In our ever-more connected world people are eager for the latest tidbit of news, so when e-mail begins to flood their Inbox promising this information they jump at the opportunity,” he says. “I think we have to assume that this is boosting success rates given the spam metrics we’re seeing.”

The tournament may have been more successful for spammers to exploit this time because the U.S. fared relatively well, Symantec’s Park says.

“They played well and made it to the round of 16, so spammers took advantage of that,” he says. “The U.S. as a country has the biggest market share for spam.”

The U.S. maintained its number one position as the country of origin for spam messages, accounting for 20 per cent of all spam. India and the Netherlands tie in a distant second at six per cent of all spam.

Canada isn’t significant enough to be measured for spam, generating less than one per cent.

Canada did crack the charts when it came to phishing lures on the Internet, accounting for three per cent and landing in the sixth spot. The U.S. also generates the lion’s share of phishing attempts, at 55 per cent.

The World Cup was also the target of phishing Web sites looking to scam users of legitimate online gaming brands. One such scam took advantage of an online gaming site that offers free and paid-for online games. The scam offered a “FIFA World Cup 2010” special offer in exchange for a free game and sought log-in credentials to an e-mail account.

Another phishing attempt spoofed an online poker site and claimed a customer had won a lottery prize of $110 million from the FIFA World Cup. It also asked for e-mail credentials.

Other examples of hackers looking to exploit the World Cup were raised in the blogosphere. Sophos Labs blog pointed to an SMS message phishing attempt. “This is to confirm your cell have on US$5.8M for FIFA 2010 International Award,” it said. The claim was a dubious as it was poorly worded.

The McAfee Labs blog drew attention to scams that promised live streams of the World Cup games online using peer-to-peer networks. Many legitimate sites such as TVU and StreamTorrent require installation of software, but others contain malware and attempt to lock users into aggressive contracts that become costly. One site required an agreement to pay over $100 to supposedly gain access to watch the games online, even though many broadcasters were streaming them for free.

The H Security blog pointed out the spam on July 9.

Comment spam
Comment spam on Symantec’s World Cup-themed micro-site. Image courtesy H Security blog.

“Under almost every security tip published, there are comments from spammers with links for purses, T-shirts, metal parts, hotels, sport shoes and other dubious sales offers,” the blog says.

The security vendor solved the problem by removing all comments from the site as well as the ability to post a comment. Symantec wasn’t able to comment on the site at time of publication.

“Comment spam has become one of the most problematic issues with the connected nature of the current Web,” Quin says. “There is essentially nothing technologically that an organization can do to defend against comment spam because comment boxes on Web site postings are basically open entry fields.”

Symantec could have avoided the spam by requiring those wishing to comment to register or pass a CAPTCHA test, The H Security blog says.

“Symantec did not implement all of the usual security mechanisms for the comment functionality on a site,” the blog says. “Symantec is being astonishingly lax here when it comes to the security of its Web users.”

FIFA’s 2010 World Cup was the third-best attended in history, the organization reports. Collectively, more than 3.18 million fans attended the 64 matches.

Follow Brian Jackson on Twitter and check out the IT Business Facebook Page.

Share on LinkedIn Share with Google+
More Articles