Contributor: Avhdoot Patil
Phishers have recently gained a lot of interest in football. Various phishing attacks using football were observed in 2012. Phishers have already shown their interest in the 2014 FIFA World Cup, football celebrities, and football clubs. Scam for LIONEL MESSI Fans and Scam for FC Barcelona are good examples of phishers using football celebrities and football clubs. Fraudsters understand that choosing celebrities with a huge fan base offers the largest amount of targets which could increase their chances of harvesting user credentials. In April 2013, the trend continued with phishers using the same strategy. The phishing sites were in French on a free web hosting site.
The phishing sites prompted users to enter their Facebook login credentials on pages designed to highlight Lionel Messi, FC Barcelona, or Cristiano Ronaldo. The phishing pages contained images of Lionel Messi, FC Barcelona, or Cristiano Ronaldo and tried to create the false impression that they were the official Facebook page for either Messi, FC Barcelona, or Ronaldo. Some of the fake sites were titled, “first social networking site in the world”. Users were prompted to enter their Facebook login credentials in order to connect to the Facebook page. After a user's login credentials have been entered, users are redirected to a legitimate Lionel Messi, FC Barcelona, or Cristiano Ronaldo community page to create the illusion of a valid login. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes.
Figure 1. Fake Facebook phishing page featuring Lionel Messi
Figure 2. Fake Facebook phishing page featuring FC Barcelona
Figure 3. Fake Facebook phishing page featuring Cristiano Ronaldo
Internet users are advised to follow best practices to avoid phishing attacks: