Video Screencast Help
Security Response

Scam for FC Barcelona Fans

Created: 12 Mar 2012 22:35:45 GMT • Updated: 23 Jan 2014 18:16:55 GMT • Translations available: 日本語
Mathew Maniyara's picture
+1 1 Vote
Login to vote

Co-Authors: Ashish Diwakar and Avdhoot Patil

Phishers often choose baits with the motive of targeting a large audience. Using popular celebrities as bait is a good example. Phishers understand that choosing celebrities with a large fan base would target the largest audience and supply more duped users. This month phishers are using the same strategy but, instead of targeting a popular celebrity, they associated their phishing site with the popular FC Barcelona football club. FC Barcelona is the world’s second richest football club and has a large fan following. The phishing site, hosted on a free web hosting site, has since been removed and is no longer active. However, though phishing sites are frequently short-lived, internet users should be aware that other phishing sites using this or a similar template could easily be encountered in future.

The phishing site prompted users to enter Facebook login credentials while the page content was designed to highlight the football club. The phishing page was titled “facebook F.C.B.” and the background contained an image of Javier Mascherano who plays in the defensive midfielder position for FC Barcelona. The fake page also contained the official logo of the football club (in the bottom left). After login credentials are entered, the phishing site would redirect to the legitimate Facebook community page for FC Barcelona. The purpose of redirecting to a legitimate page is, of course, to create the illusion of a valid login. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes.

Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
  • Frequently update your security software (such as Norton Internet Security 2012) which protects you from online phishing.