Take a walk around your office today and you'll probably find at least a few employees watching a match from the 2014 FIFA World Cup in Brazil at their desks via live video stream.
But while you and your co-workers huddle around computers watching all the action on the field, there are unsavory characters trying to steal your personal and company data.
Hugh Thompson, the chief security strategist and senior vice president of Sunnyvale, California-based security firm Blue Coat, says cybercrime campaigns always increase during large international events, and his firm has seen a sharp uptick since the start of the World Cup. "The criminals have had a long lead time up to this. The same way consumer electronics stores prepare for Black Friday and Cyber Monday, organized groups think about events like the World Cup, or the Olympics," Thompson tells Inc.
Thompson explains that with millions of people tuning into the World Cup matches online, friends and colleagues are sending each other links to live streams and articles about their favorite teams. These are all opportunities for cybercriminals to lure you to click on a bad link by impersonating someone you know or a reputable sports source.
"When someone sends you a link at just the right time, all of your filters go off. Even if that link is to some weird domain in Russia--which normally you'd be suspicious of, but looks like it came from your friend Phil and is about the game going on right now--your filters go down and you click," Thompson says.
Blue Coat, which secures the networks of 85 percent of Fortune 500 companies, blocks 3.4 million malicious URLs per day, Thompson says. The amount of malware that has been developed for the World Cup is alarming, and companies need to know how to avoid suffering a data breach and losing customer trust.
Below, check out Thompson's tips on how to avoid phishing emails, malware, and ransomware.
Don't download video players
Thompson says that cybercriminals have had video players, real-time score apps, and other World Cup-themed malware ready and waiting for months. "A lot of attacks are themed around the event, so your company needs to know that when you get sent a link for a video player download to get the real-time games, there's a big chance it could be malicious," he says. "People need to be vigilant about downloads of applications in general associated with the World Cup, but specifically video players."
Avoid links if you can
Thompson says that phishing emails have been on the rise over the past week, and adds that you need to be on high alert when clicking links related to the World Cup. "If you receive a link from a friend, colleague, or family member, be careful. It's important not to drop your guard," he says. "You need to think about links the same way you do any other time. Is it a reputable site? Is this a site I need to go to? In most cases, inside the enterprise there's protection around the network, but many times people have their own devices that they do work and personal stuff on, or they're at Starbucks which has public [and unsecured] Wi-Fi."
Social media is getting malicious
More and more criminals are tricking people on social media. "An interesting development is that phishing is happening on social media more. We're seeing phishing not only coming through email, which was the primary delivery vector five years ago, we're seeing it come through Twitter," Thompson says. "We're seeing compelling tweets coming from a reputable source with a Bitly link and you don't know where it's going to take you." If the link brings you to a site and asks you to download Flash Player, a video player, or an app, don't do it.
Watch for 'malvertizing'
Even your favorite site can be dangerous. "During events like this, established, well-known sites can also be compromised. Every site has an ad delivery network that places ads along the side of the page, but these can be exploited by cybercriminals," Thompson says. "Organized cybercrime groups will go to ad delivery networks and pay for them to put up an ad for something people will want to click on. Even the ad network doesn't know they are running what's called malvertizing--malicious advertising."