Phishing a Chinese Brand Promoting FIFA

The FIFA World Cup 2010 is over, but the trend in phishing related to FIFA continues. In July, phishing websites were observed spoofing a Chinese E-commerce brand that promoted FIFA World Cup 2010. The fraudulent login pages contained cartoon characters of animals wearing uniforms that represent popular soccer/football teams such as Argentina and Brazil.
 
During the World Cup season, several FIFA products were merchandized on the brand's website. The products belonged to several categories, including computer games, footwear, soccer/football cards, sports apparel, and so on. The increased activity in the marketing of such products was the reason why fraudsters associated the phishing sites with FIFA. From the appearance of the fraudulent login pages, customers may get the impression that special FIFA offers are available in-store. By doing this, fraudsters are looking for a higher success rate in phishing login credentials.
 
Upon entering the login credentials, the phishing website was redirected to the legitimate website. New domain names were registered to create the phishing sites. The domain names were hosted on servers based in the USA.
 

Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:

•    Do not click on suspicious links in email messages.
•    Check the URL of the website and make sure that it belongs to the brand.
•    Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link.
•    Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing.

Note: Thanks to Wahengbam RobinSingh for co-authoring this blog post.