False contest to win Brazil World Cup jersey circulates through WhatsApp

False contest to win jersey of the Brazilian team found on WhatsApp

The scam circulated through WhatsApp aimed at users in Brazil claiming that Nike will give away the jersey that the team will wear at FIFA World Cup Russia 2018.

The scam circulated through WhatsApp aimed at users in Brazil claiming that Nike will give away the jersey that the team will wear at FIFA World Cup Russia 2018.

With ten days to go before the FIFA World Cup begins in Russia, cybercriminals are trying to take advantage of the event by tricking people into providing personal details or clicking on links that contain dangerous content.

An example of this was recorded in Brazil last week, when a fraudulent campaign circulated, mainly through WhatsApp, with a message claiming that Nike would be commemorating 22 years as the official kit manufacturer of the Brazilian National Football Team by giving away official team shirts. The only requirement to obtain the prize was that the users share the message.

In the captures of the messages (below) that arrived at the ESET laboratory, there were two different links and neither had any relation to the clothing company. Indeed, clicking on the link directed the unsuspecting potential victim to a website that ESET detects as a site with potentially dangerous content. The below texts are translated as: “Nike commemorates 22 years dressing Brazil National Football Team and for limited time it’s giving official shirts of the World Cup for free. I just won mine.”

Depending on the type of device the user is using: the behavior of the threat may be different, including subscribing the victim to premium SMS services or installing add-ons in the browser to steal user information.

The contest to win the shirt of the Brazil team

The campaign tries to convince potential victims that they were selected to participate in a small survey and once completed they are requested to share said survey with their contacts — in this way spreading the campaign by having the unsuspecting user to do the cybercriminals’ dirty work for them.

It should be noted that in this case the website has a valid SSL certificate. This can make users believe that it is a secure site by using the HTTPS protocol, but as  we have discussed previously, this is not an indicator that it is a safe site merely because it uses HTTPS .

WeLiveSecurity recommends users to use – both on their computer and on their mobile devices – a security solution that warns the user when faced with an attempt at deception or a suspicious website.

Likewise, with the World Cup getting closer, we expect cybercriminals to try to take advantage of fan excitement on all things related to FIFA World Cup Russia 2018 and  attempt to get users, albeit unknowingly, to spread threats. Therefore, it is important to be more attentive, learn to recognize these deceptions, prevent them from affecting us, and avoid spreading them to others.

Discussion