The ICC 2011 Cricket World Cup begins on February 17, 2011, and phishing sites promoting the tournament have already been observed:
One of the phishing sites spoofs a popular social networking site and has a logo of the brand containing some artwork. It is interesting to note that the artwork has a sketch of the Arc de Triomphe in Paris. The fraudster probably intended to represent the Gateway of India in Mumbai, since the cricket finals will be held there. When the logo is clicked, information related to the event is displayed. Below the logo are icons for the sponsors and sports channels in India that will broadcast the tournament. The schedule of the matches has been finalized and tickets have been available for sale since June 1, 2010. The phishing site claims that users can get tickets to the matches by entering their login credentials. If the fraudsters are successful with the lure, users will give up their login credentials to the phishing site in the hopes of obtaining tickets for the Cricket World Cup.
The phishing sites were hosted on free Web-hosting domains. The URLs contained words that indicated the content was related to the World Cup. Below is an example of one such URL:
hxxp://icccricket2011.******.com [Domain name removed]
Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:
• Do not click on suspicious links in email messages.
• Check the URL of the website and make sure that it belongs to the brand.
• Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link.
• Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing.
Note: My thanks to the co-author of this blog, Ravish Bagul.