Researchers have recently witnessed cyber attackers launching a spear-phishing campaign that delivers malware directly to World Cup soccer fans. Spear phishing is a form of phishing (an email-spoofing attack) that targets specific individuals using persuasive context that relates closely to their interests and passions.

Millions of soccer fans all over the world are rooting for their country’s teams in the 2018 FIFA World Cup. This quadrennial event brings together millions of people to cheer for their national soccer team at the event, in front of the TV, and electronically through social media, email, and other online media channels. Fans often take to social media to express their enthusiasm and involvement with their country’s teams, but little do they know that their publicly shared information can be used to support cyber attackers’ spear-phishing campaigns.

Researchers at Check Point recently discovered and shared information on a phishing campaign that sends out emails with the subject line “World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager”, tricking users into thinking that they have been sent the World Cup schedule and score-sheet. With a simple download of the “Schedule_and_Scoresheet”, users’ computers will likely become infected with malware that can install unwanted programs and adware.

Whether you are an avid soccer fan following the 2018 World Cup or an everyday computer user, be aware that these exciting global events often lead hackers to capitalize on people’s passions and exploit you with deliberate, devastating spear-phishing emails related to the flashy event of the moment.

Also know that hackers have no moral compass and often capitalize on tragic events as well. We’ve all seen phishing emails purporting to reveal first-hand photos from inside the World Trade Center before it collapsed. Such schemes play to your emotions, seek to get you to react rather than think, and can lead to very damaging consequences such as identity theft, computer compromise, and ransomware demands by amoral hackers.

Here are our top 6 questions to ask to identify phishing or spear-phishing emails:

  1. Did I receive this email unexpectedly?
  2. Does it address me anonymously when it should know my name?
  3. Does it urge me to take some action such as clicking a link or opening a file attachment?
  4. Does it contain any spelling, grammar, or punctuation mistakes?
  5. Does the sender’s email address seem strange or inappropriate? Remember to look carefully at the sender. Shipping@mazon.com is not Shipping@amazon.com.
  6. If I hover my mouse over the links in the email, do they go to strange or shortened URLs?

Answering yes to more than 2 or 3 questions means you’re being phished and are under attack. Just delete the email and go about your business.
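
For mail filters or triage scripts, several of these questions can be asked automatically. The following is an added example, not code from Check Point or from the original article; the list of known domains, the shortener list, and the keyword patterns are assumptions, and questions 1 and 4 still rely on the reader.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions of this sketch, not from the article: the brands you really deal
# with, a few common URL shorteners, and the keyword patterns below.
KNOWN_DOMAINS = {"amazon.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
GENERIC = re.compile(r"^\s*(dear|hello|hi)\s+(customer|user|fan|member|sir)\b", re.I | re.M)
URGENT = re.compile(r"\b(click|download|open the attach|verify)", re.I)
URL_HOST = re.compile(r"https?://(?:www\.)?([^/\s:>]+)", re.I)

def edit_distance(a, b):
    """Levenshtein distance, to catch one-letter lookalikes such as mazon.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(domain):
    # Close to a known domain, but not an exact match.
    return domain not in KNOWN_DOMAINS and any(
        edit_distance(domain, known) <= 2 for known in KNOWN_DOMAINS)

def checklist(raw_email, expected=False):
    """Return the numbers of the questions answered 'yes' (question 4 is not automated)."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hosts = [h.lower() for h in URL_HOST.findall(body)]
    answers = {
        1: not expected,                       # only the recipient knows this
        2: bool(GENERIC.search(body)),         # greeting without the real name
        3: bool(URGENT.search(body)),          # pushes a click or download
        5: lookalike(sender),                  # Shipping@mazon.com style sender
        6: any(h in SHORTENERS or lookalike(h) for h in hosts),
    }
    return sorted(q for q, yes in answers.items() if yes)

# Constructed sample: subject and sender quoted in the article, placeholder link.
SAMPLE = """From: Shipping <Shipping@mazon.com>
Subject: World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager

Dear fan,
Download the schedule and scoresheet here: http://bit.ly/PLACEHOLDER
"""
print(checklist(SAMPLE))  # [1, 2, 3, 5, 6]
```

A message from an exact known domain with a personal greeting and no shortened links returns an empty list when called with `expected=True`.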