They say FIFA 2010 could be one of the most watched sporting events in history, and it is anticipated as perhaps the biggest sporting event ever! For this reason, it comes as no surprise that it is being used by cyber criminals as a foot in the door for a new scam. Two separate spam runs promoting FIFA 2010 have been identified. The first spam sample had a .DOC file attachment that informs recipients of a supposed new contest called “Final Draw” organized in part by the FIFA Organizing Committee. It also tells the recipient of a US$550,000 prize. To claim this, however, the “winner” must immediately coordinate with the releasing agent via the contact information indicated in the email. The email also asks the recipient to give out personal information.
Another sample related to this scam is a poorly written email with an equally poorly worded letter attachment in PDF. This asks recipients to divulge specific information in relation to a fund transfer transaction amounting to a whopping US$10.5 million. Upon agreeing to the proposal, the recipient should supposedly get 30 percent of the said amount.
Note that this tactic is reminiscent of the infamous 419 or Nigerian scam, which persuaded users to send cash by promising them a large amount of money in return for their cooperation.
A typical 419 or Nigerian scam is a type of fraud wherein victims are promised a sum of money such as lottery prizes, inheritances, etc. in exchange for something minor like giving out information or a small donation via spam (see Figure 3). The letter starts off by (1) introducing the sender from a supposedly reputable organization. It then implores help from the email recipient. The FIFA-themed spam we obtained (see Figure 4) uses the same technique–(2) promising the recipient a sum of money.
Both scams do not directly ask for cash. Instead, they request for information or for the recipients to (3) coordinate with a fake contact accompanied by a (4) call to action to send in their contact details. Simply put, the cybercriminals behind these scams are malicious users that use the Internet to commit crimes such as identity theft, spamming, phishing, and other types of fraud. In fact, FIFA sternly warned fans of similar online scams such as those featured in the following blog posts: