“Football” fanatics, beware!
A new 2014 FIFA World Cup phishing scam has emerged on Facebook in French, using images of FC Barcelona, Portuguese forward Cristiano Ronaldo and Argentine forward Lionel Messi to sucker cyber-surfing soccer zealots into giving up their email login information. Surprisingly, such ugly, fake Facebook phishing pages -- with their amateur image and text display -- are effective enough that they persist online.
“Fraudsters understand that choosing celebrities with a huge fan base offers the largest amount of targets which could increase their chances of harvesting user credentials,” Symantec Corp. (NASDAQ:SYMC) said in an update to its coverage of World Cup online scams.
In an update to this ongoing (and mounting) issue of World Cup-related cyber-threats published late Thursday, the Sunnyvale, Calif.-based computer security software provider said the latest attempt at stealing sensitive data from soccer fanatics comes from fake French-language Facebook sites.
Users who land on these pages are asked to log in to their email account, after which they are sent on to legitimate group pages on Facebook.
“If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes,” Symantec added.
Such scams related to the next World Cup emerged last year, but the world’s most watched sporting event, which occurs every four years, is a popular target of identity thieves because they can cast an enormous multi-lingual net across the Internet, increasing their chances of fooling unsuspecting Web-surfers into naively sacrificing their privacy.
The use of Facebook's logo on a phishing page is just one avenue. Phishers in past World Cups also have sent out deceptive emails similar to 419-scams announcing that recipients have won lotteries and can claim their prizes by giving up sensitive personal information, such as bank account transfer numbers.
So what's the best way to avoid this scam?
Symantec says don't enter sensitive information into sites unless you're sure they're legit, and don't forward such sites to others. It also recommends ensuring the website is encrypted with an SSL certificate, which is indicated by a tiny padlock logo and “https” in front of the Web address.
In other words: Be less stupid.