In the past month, several phishing websites were observed to be spoofing online gaming brands. The popularity of the FIFA World Cup has encouraged users to visit legitimate gaming sites to play online football. The phishing sites were created with the hope of luring users to give up their credentials if they fell for fake offers celebrating the FIFA World Cup 2010. There were primarily two brands of gaming websites spoofed in these phishing attacks, and the phishing sites were created using free webhosting sites. The legitimate website for the first brand offers users free and paid versions of online games. The phishing website of this brand claimed that the customer could get the retail version of one of the games from a given list for free as a “FIFA World Cup 2010” special offer. In addition to the game, other features were also included in the fake offer, such as organizing groups, joining chats, and so on. The fraudulent site further stated that in order to gain access to the free game, the user needed to provide the login credentials for his or her email address. The second brand is for an online poker website. The brand is also a part of a popular social networking site as an application. The phishing page spoofing this brand claimed that the “customer” had won a lottery prize of $110,000,000 from the FIFA World Cup. The page asked for the customer’s email address and password as well as a bonus code for retrieving the prize. Upon entering the details (which would have been collected by the phishers), the page redirected to the legitimate website. Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams: • Do not click on suspicious links in email messages. • Check the URL of the website and make sure that it belongs to the brand. • Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link. • Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing. ------------------------- Note: My thanks to the co-author of this blog, Ashish Diwakar.