Scam for FC Barcelona Fans

Co-Authors: Ashish Diwakar and Avdhoot Patil

Phishers often choose baits that will reach a large audience. Using popular celebrities as bait is a good example: phishers understand that a celebrity with a large fan base draws the widest audience and therefore yields more victims. This month phishers used the same strategy but, instead of a popular celebrity, they associated their phishing site with the popular FC Barcelona football club. FC Barcelona is the world’s second richest football club and has a large fan following. The phishing site, hosted on a free web hosting service, has since been removed and is no longer active. However, although phishing sites are frequently short-lived, internet users should be aware that other phishing sites using this or a similar template could easily be encountered in future.

The phishing site prompted users to enter Facebook login credentials, while the page content was designed to highlight the football club. The phishing page was titled “facebook F.C.B.” and the background contained an image of Javier Mascherano, who plays in the defensive midfielder position for FC Barcelona. The fake page also contained the official logo of the football club (in the bottom left). Once login credentials were entered, the phishing site redirected to the legitimate Facebook community page for FC Barcelona. The purpose of redirecting to a legitimate page is, of course, to create the illusion of a valid login. Users who fell victim to the phishing site by entering their login credentials would have had their information stolen for identity theft purposes.
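The page just described combines three tell-tale traits: a title that impersonates a brand, a password form hosted somewhere other than the brand’s own domain, and a plain-http host. The following is an added example (not code from the original post) of a small defender-side heuristic that flags those traits in a fetched HTML page; the brand domain `facebook.com` and the sample pages are assumptions constructed for illustration.

```python
# Added example: flag HTML login pages that impersonate a brand (defensive check).
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND = "facebook"
BRAND_DOMAIN = "facebook.com"  # assumption: the brand's legitimate domain


def is_brand_host(host):
    """True only for the brand's own domain or one of its subdomains."""
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)


class _LoginFormScanner(HTMLParser):
    """Collect the <title>, every <form action>, and whether a password field exists."""
    def __init__(self):
        super().__init__()
        self.title, self.actions, self.has_password, self._in_title = "", [], False, False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "title":
            self._in_title = True
        elif tag == "form":
            self.actions.append(a.get("action", ""))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.has_password = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def phishing_indicators(page_url, html):
    """Return a list of indicator strings; an empty list means nothing looked suspicious."""
    host = urlparse(page_url).hostname or ""
    scanner = _LoginFormScanner()
    scanner.feed(html)
    hits = []
    if BRAND in scanner.title.lower() and not is_brand_host(host):
        hits.append(f"title impersonates {BRAND} but page is hosted on {host}")
    for action in scanner.actions:
        target = urlparse(action).hostname or host  # a relative action posts back to the host
        if scanner.has_password and not is_brand_host(target):
            hits.append(f"password form posts to {target}")
    if scanner.has_password and not page_url.startswith("https://"):
        hits.append("password form served over plain http")
    return hits


# Constructed sample pages modelled on the description above (not the real phishing kit).
PHISH_URL = "http://fcb-fans.freehost.example/index.html"
PHISH_HTML = """<html><head><title>facebook F.C.B.</title></head><body>
<form action="login.php" method="post"><input name="email">
<input type="password" name="pass"><input type="submit" value="Log In"></form></body></html>"""
LEGIT_URL = "https://www.facebook.com/login"
LEGIT_HTML = """<html><head><title>Log in to Facebook</title></head><body>
<form action="/login/" method="post"><input name="email"><input type="password" name="pass">
</form></body></html>"""
```

Run over a page fetched from a suspicious URL, the function returns the list of indicators; three hits for the constructed fan-page sample and none for the legitimate sample.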

Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar. Note that the padlock only shows the connection is encrypted, not that the site is genuine, so check the domain name as well.
  • Frequently update your security software (such as Norton Internet Security 2012), which helps protect you from online phishing.

World Cup DDoS blackmailer sentenced to jail

World Cup 2010

A court in Düsseldorf, Germany, has convicted a man who extorted money out of online gambling websites in the run-up to the 2010 Football World Cup in South Africa.

The Frankfurt man, who has not been identified, successfully blackmailed three online betting sites (and attempted to extort money from three others) by threatening them with distributed denial-of-service (DDoS) attacks which could have blasted them off the internet.

According to German media reports, the blackmailer hired a botnet for $65 per day and told the betting firms that he would make their websites unavailable during July 2010 – the month of the World Cup – if they did not pay him 2,500 Euros ($3,700).

When three of the sites refused to pay any money, the man reduced the ransom to 1,000 Euros.

This isn’t the first time, by any means, that denial-of-service attacks have been used to blackmail online gambling websites in the run-up to a major sporting event. For instance, in 2006 a Russian gang who were said to have extorted $4 million from British bookmakers were sentenced to jail.

As more and more firms rely on internet visitors for their revenue, the potential impact of a denial-of-service attack increases. It’s sadly no surprise, therefore, that some cybercriminals will see it as a way to make money.

The German authorities should be congratulated on their successful conclusion to this investigation. The man has now been sentenced to two years and 10 months in prison, and was ordered to pay up to 350,000 Euros ($504,000) in damages to the affected firms.

My guess is that he’s unlikely to be sending significant traffic to any websites anytime soon.