2014 sees two huge sporting events taking place: the football World Cup in Brazil and the Winter Olympic Games in Sochi. In November we mentioned a mailing exploiting the World Cup – the fraudsters disguising their scam as a lottery. In January the number of these kinds of mailings increased. The stories used in the messages were identical: the user was informed that he/she had been chosen from among millions of other users as the winner of a lottery with a huge prize. In order to claim the money, the user had to contact the organizers using the addresses and phone numbers provided.
The body of the message was either empty or contained just one phrase: “See the attachment for information” or “Open the attachment”. The content of the attached file changed from message to message, as did the file format – JPEG, PDF or DOC. The file contained information about the alleged prize and also had references to FIFA and the World Cup. The scammers even went to the trouble of including official logos and pictures from the ceremony when Brazil was awarded the World Cup.
At the end of January we also detected a mailing with malicious attachments that exploited the 2014 World Cup theme. In the fake letters sent on behalf of the site copa2014.gob.br, the official contact channel of the Brazilian government for the FIFA events, the recipient was congratulated on winning two tickets for the World Cup. In order to print off the tickets, the user had to click the link in the message. If the user fell for the scam, a Trojan-Downloader appeared on the user’s device, which then downloaded Worm.VBS.Dinihou.
The worm is not only used to download and launch unknown files without notification but also infects connected USB flash drives. To make the emails appear more authentic the scammers used the World Cup logos and used what appeared to be a genuine address in the in the sender field. On closer inspection, however, the domain .com is used and not .gov, which indicates it’s a fake.
Our colleagues from Brazil found the same phishing mailings. The fraudsters offered free tickets to the World Cup, free travel to Brazil and other “gifts”. The aim of the criminals was to steal the user’s personal data, including the data on his/her credit card.
Small and medium-sized companies also advertised their services using the World Cup theme, sending offers for cut-price mobile services in Brazil.
Chinese factories also offered smartphone cases with the emblems of world famous football clubs.
Spammers exploit major international events for a variety of reasons, ranging from straightforward advertising to extorting money and stealing personal data. That’s why it’s important to be careful with emails from people you don’t know. Messages stating that you’ve won a lottery or some expensive tickets are most likely to be after your money or trying to infect your device.