The days leading up to mass media events such as the Super Bowl are prime time for cybercriminals. This year’s Super Bowl, to be played between the Green Bay Packers and the Pittsburgh Steelers on Feb. 6, is especially lucrative for criminals who want to take advantage of the popularity of the teams involved.
Steelers fans are known for traveling to games all over the country and for buying as much merchandise as possible. Cybercriminals will try to take advantage of this fan loyalty with phishing schemes offering cheap tickets, accommodations and game merchandise.
But phishing is only one method the cybercriminals use to make their attacks. Leading into Super Bowl Sunday, they will use methods such as search-engine poisoning to push infected websites to the top of any online search involving the game or players.
After the game, expect social engineering to kick in, as malicious Web links will appear to come from friends, suggesting visits to YouTube to watch great plays from the game or replays of commercials.
“Telling the difference between a legitimate site and a malicious site can be very difficult,” explained Mark Maciw, web product manager at the U.K.-based Web and e-mail security company Clearswift. “They can look identical and even contain some of the content which is derived from the original and legitimate site, such as images.”
Clicking on a link sent via spam or found in a poisoned web search can unknowingly download a Trojan or other kinds of malicious software to your computer. Since the goal of a cybercriminal is to steal financial and other personal information, clicking on a link for super-cheap tickets to the game could end up wiping out your bank account.
“If you hold the mouse over the link in an e-mail, without clicking, then the destination URL may be shown in what’s called the ‘mouseover’”, Maciw said. “Check this link: does it match the link shown in the e-mail, and does it look like the URL for the site you’d expect? If not, then be suspicious again.
“Also, look carefully at the URL in the mouseover. Even if it appears to be the legitimate site, be careful because just one extra character, or changed character, can take you somewhere else completely different.”
Maciw also provided these tips for keeping safe during Super Bowl week:
— Always install the latest patches to your operating systems and applications; these will often include security updates.
— Always install desktop anti-virus software, and keep virus signatures up to date.
— Companies need to ensure that their security includes spam and URL filtering, as firewalls and antivirus systems or software are not sufficient.
— Employers should also show employees sensible precautions to take and how to avoid the obvious traps. As the boundaries between work and home become blurred, it helps employers if employees are security-savvy.
The best way to protect yourself? Maciw said it’s best to always be wary and not trust everything on the Internet. If a link is sent by a friend, double-check and ask yourself if the message containing the link is legitimate. Not everyone knows if his or her site has been compromised.