Malware, social engineering and dodgy ticket sites. Here are the security threats you should be looking out for during Euro 2016
As has been the case with numerous other sporting events, cybercriminals will seek to exploit the popularity of Euro 2016 to further their scams – impacting corporate IT departments in the process.
While live streaming presents its own set of challenges for administrators, interest in the tournament will not be limited to matches.
Euro 2016 will be an immensely popular topic on social media – making it an ideal platform for cybercriminals to spread malicious links. Football fans could be lured by a sensationalist headline that installs malware, or those seeking tickets could redirected to a fake website.
COMPETITION: Win tickets to NFL London at Wembley!
Social media tricks
“It is well known that people use online social networks such as Twitter to find information about an event,” said Pete Burnap, director of the Social Data Science Lab in the School of Computer Science & Informatics at Cardiff University.
“URLs are often shortened on social media due to character limitations in posts, so it’s incredibly difficult to know which are legitimate. “Once infected the malware can turn your computer into a zombie computer and become part of a global network of machines used to hide information or route further attacks.
“At the moment many existing anti-virus solutions identify malware using known code signatures, which make it difficult to detect previously unseen attacks. Our system is making a decision using code behaviour, which is more difficult for cyber criminals to mask.”
Tickets for the most popular matches at Euro 2016 sell out months in advance, leaving desperate fans to scour the Internet in the vain hope of securing a spot in the stands. Cybercriminals take advantage of the fact that many people will be willing to take certain risks in such situations.
“Cybercriminals are fully aware of how desired tickets to [Euro 2016] are and have set up phishing sites and phishing social media and email campaigns to trick people into buying phony tickets,” said Avast’s Michel Salat. “Numbers from the British Local Government Association published in May show bogus tickets from sold out matches and other summer events have been appearing on social media sites like Facebook and Twitter.
Ticket scams are a spammer favourite, cybercriminals use this time to advertise ‘unmissable deals’ and exclusive tickets and demand payments without ever producing the goods,” added John Wilson, field CTO at Agari. “Consumers need to be mindful that it’s not always just discounted tickets, but things like VIP viewing packages, opportunities to meet the players can also be scams.”
Scammers have also submitted fake apps to the Google Play store. These apps masquerade as genuine football-related software, but instead flood a user’s smartphone with advertising.
“While these apps are not malicious per se, they are taking advantage of people trying to get into the tournament spirit by throwing way too many ads at them to make a profit,” added Salat.
But using social media during tournaments could be safer in the future. Burnap and his team at Cardiff University are deploying a trained computer to trawl though the URLs included with Euro 2016-realted tweets.
The system has been used during the 2015 Cricket World Cup and the Superbowl, with Euro 2016 serving as another test. The researchers say the sheer volume of posts during the tournament make it an ideal opportunity for their system – and cyber criminals.
It is hoped the computer can eventually flag malicious links in real time, helping social networks and law enforcement minimise threats. At present it can identify threats within 30 seconds and with 89 percent accuracy.