Now that the 2014 FIFA World Cup is under way, Fortinet’s FortiGuard team wants Internet users in Malaysia to be on the look out for an onslaught of scams and attacks.
 
The simple tips below can help football fans avoid unpleasant surprises:

1. Unsolicited e-mail messages: E-mail messages announcing, for instance, that you have been selected to go to the World Cup final are very commonly used as bait. While it is very tempting to click on an e-mail link, you could be taken to a compromised website that downloads malware onto your computer. The malware could be a key logger that captures your personal information such as your passwords or other credentials or it could download additional malware that compromises your machine further or turn your computer into a spam generator. Spammers and scammers love events such as this because they know everyone is on the look out for attractive offers.

2. Online retailers offering discounted tickets: If you discover an online store that’s offering unbelievable deals for tickets, do some research to make sure it’s a legitimate store and not a false front that will disappear along with your credit card information. Even if they are legitimate, you’ll want to make sure the site hasn’t been unknowingly compromised by SQL injection or other attacks. Compromised websites won’t always redirect you to a malicious site, but will often surreptitiously install other forms of malware on your computer such as Trojans, bots, key loggers and rootkits, all of which are designed to harm systems and steal personal information. Similarly, avoid believing marketplace offering items at low prices. One must be suspicious of deals that appear to be too good to be true during an event ast popular as this.

3. Phishing and identity theft: Users may receive an e-mail from their bank and/or PayPal highlighting that a payment for their purchase is in progress while the user has, in fact, not made any purchase. To cancel the transaction, the user must click on a link which will take him or her to a form which requires personal information. Users should keep in mind that their bank would never ask for their banking ID by e-mail. If they give away their banking credentials, their account could be seriously compromised. This technique, called phishing, is also used by scammers to acquire other sensitive information that could lead to their friends being lured in as well.

4. Unsecured WiFi hotspots in Brazil: Those who do not have the chance to watch the matches at the stadium will use the Internet to view the results in real-time by connecting to WiFi hotspots in hotels or bars. Do not connect to an unsecured hotspot. An unsecure hotspot allows hackers to capture data that’s going in and out of the hotspot, enabling them to intercept logins and passwords, e-mail messages, attached documents and other personal information.

The Web is full of all types of scams and here are a few more basic tips to avoid them:

• Requests for password or credit card information should immediately set off alarm bells —  double check before you comply
• Be wary of links that lead to applications or external websites
• Always remember this saying: If it’s too good to be true, then it probably is.
• If you haven’t entered a lottery, you can’t win it.
• Even if you are connected to a secure access point, ensure that the important websites you visit are secured via HTTPS connection.

Guillaume Lovetis Senior Manager, FortiGuard Labs’ Threat Response Team, Fortinet. The company is a worldwide provider of network security appliances and unified threat management.