Going to Brazil? Beware of fake world cup-themed apps

With the FIFA World Cup fever gripping one and all, cyber criminals have sensed an opportunity to target users online, as well as offline.  

Across the globe, security advisories are cautioning users about possible scams and phishing attacks.

Security solutions firm Kaspersky Lab has advised football fans travelling to Brazil to use be cautious while using local AC/DC chargers, as cyber criminals are using fake AC/DC chargers to steal data from smartphone users.

...

A malicious AC/DC charger will, while charging your phone’s battery, steal information from your smartphone.

The interception will happen via a USB connection, as most plugs use such connections.

In some cases, fake chargers also install malware capable of tracking your location and stealing notes, contacts, pictures, messages, call records, saved passwords and browser cookies.  

 “Cyber criminals know when people are away from home and need their smartphones to access maps, routes and other information, they tend to use any available charger, even if it’s just for a few minutes.

Keep in mind you could fall victim and lose sensitive personal data,” said Dmitry Bestuzhev, head of Kaspersky Lab’s global research and analysis team in Latin America.

...

Another threat is accessing Wi-Fi. “Kaspersky Lab security experts conducted research on Wi-Fi access in São Paulo.

They drove 100 km around the city and checked about 5,000 different access points popular among tourists — parks, malls, airports, etc. It turned out 26 per cent of the 5,000 open

Wi-Fi networks in São Paolo didn’t use encryption,” the company said.

...

Security advisors have also cautioned those travelling to Brazil against fake and malicious versions of World Cup-themed apps.

Trend Micro, a security solutions provider, has already found 375 questionable or outright malicious World Cup-themed apps.

“The vast majority of these apps lurks from third-party app stores. So, users are advised to avoid them altogether or be extra careful when reviewing apps they want to install from them. Installing a mobile security solution is also a good idea,” said Dhanya Thakkar, managing director (India and Southeast Asia), Trend Micro.

...

World Cup fans have also been cautioned against free ticket scams, news service scams and online streaming scams.

Security solutions and storage specialist Symantec has identified several email scams and expects to see attempts to target fans on social networks.

“The most common scam around the World Cup involves free tickets. After all, which fan wouldn’t want an all-expenses paid trip to Brazil? Scammers know a dream come true is hard to let go, and circulate emails promising everything imaginable,” said a Symantec blog. 

Scammers are also targeting users through their favourite players.

“Currently, emails are being circulated about Neymar da Silva Santos Júnior, the young star player in the Brazilian national team. The email contains a malicious word document that exploits a known vulnerability in Microsoft Word. Interest in players such as Neymar and Argentinian Lionel Messi are used as baits to target victims, through email or social networking services,” the blog said.

...

Cyber criminals on the prowl

*Security solutions firm Kaspersky Lab has advised fans travelling to Brazil to be cautious while using local AC/DC chargers.

*A malicious AC/DC charger in Brazil will charge the battery, but will silently steal information from your smartphone. The interception will happen via a USB connection, as the majority of plugs use this connection. Fake chargers can also install malware capable of tracking your location, stealing notes, contacts, pictures, messages as well as call records, saved passwords and even browser cookies.

*The other threat point for travellers will be accessing Wi-Fi. About 26 per cent of the 5,000 open Wi-Fi networks in Sao Paolo don’t use any encryption.

*Others should be aware of fake and malicious versions of World Cup-themed apps.

*World Cup fans should watch out for free ticket, news service and online streaming scams.