Registration was successful!
Please follow the link from the email sent to

Microsoft Award-Winning Expert Explains How to Protect Yourself from Cyberfraud

CC0 / / Hacked
Hacked - Sputnik International
According to reports, many websites streaming 2018 FIFA World Cup matches illegally place fans in danger as malicious actors use the event as a business opportunity. Many experts have warned that cyber criminals have produced a variety of ways of tricking fans into unwillingly giving up their account credentials.

Radio Sputnik discussed this with Troy Hunt, Pluralsight Author, Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security.

Troy Hunt: This is the same sort of problem we see after things like natural disasters, terrorist attacks or anything else which is a big news story that draws people into a location. And very often we’ll see the allure of something like the ability to watch the World Cup live being used as bait, if you like, and that might then result in things like requests for people’s credentials.

Fraud - Sputnik International
UK Younger Generation Increasingly Falls Victim to Online Fraud
Sputnik: How profitable are the events like the World Cup to hackers? We had the royal wedding a couple of months ago that was seen by massive global audience. The fact now is that at this technological age, the Internet gives the ability for all global citizens to see the World Cup, so it’s a massive draw for these potential fraudsters, isn’t it?

Troy Hunt: I think “draw” is a key word there; it’s something that’s attractive to people and you’ll find fraudsters offering access to the World Cup. You mentioned the wedding, even possibly having access to the wedding information or something which entices people to come and perhaps maybe offer information that they wouldn’t have normally offered if they weren’t being enticed by something so attractive.

Sputnik: Is there any data on how cyber criminals have been using the FIFA World Cup in Russia this year for their malicious needs?

Troy Hunt: I haven’t seen anything quantifiable on the World Cup to say, but it’s a very common pattern where there’s some major international event or newsworthy story and fraudsters will use that because they know what people are going to be looking for it. Perhaps in the case of something like the World Cup people are a little bit excited about the event and might take some shortcuts in the sense of security and provide information that they wouldn’t normally do, because they’re so keen on the event.

Sputnik: What can be done by authorities and security companies regarding the security of fans during this tournament online?

Troy Hunt: Frankly, a lot of this comes down to education because particularly when we get to things like phishing, whether they be phishing emails or phishing websites, this comes back to people making sensible decisions about how they make trust decisions. So who are they going to give information to? Who are they going to perhaps hand over passwords to and sometimes even hand over money to? All the hard technical controls in the world, things like antivirus or flagging phishing sites only go so far so long as we are susceptible to the suggestion, which a lot of these fraudsters use.

Kaspersky Lab office in Moscow - Sputnik International
Kaspersky Lab Warns of Surge in Online Fraud Ahead of 2018 World Cup
Sputnik: You would have thought now that most people were knowledgeable in terms of trying to protect themselves. We’re living in a forensic computer science environment and most people are aware of it, but having said that there’s still a lot more to do. What’s your personal view in terms of education? Is that something that should be down to a specific company or websites, is it countries’ governments or how can we as a global audience get better at protecting ourselves? Where does the responsibility lie?

Troy Hunt: I think to the point that we’re living in 2018 and we should be getting better at this stuff. On the one hand that’s true, on the other we’re also connected in that there’re so many instances where online services are asking extra information. Frankly, it can be very difficult to tell phishing attacks from real legitimate requests for information. Banks requesting information in ways which, to me, smell completely like a phishing attempt.

In terms of whose responsibility it is, it’s a shared responsibility. We’re increasingly seeing cyber security trying and in corporate environments, we’re seeing governments around the world being better and better at providing information to people about the signs of phishing attacks and fraudulent activity. And we are seeing hard controls improve as well, so we’re seeing phishing sites getting flagged very early. By the likes of Google Chrome, many people have probably seen the big red page saying ”this is a phishing site, leave now.”

So we’re trying to improve at different levels, but as much as we do a good job there, fraudulent activity gets more and more sophisticated as well. What we got to do, and in a case of things like PayPal phishing emails, if you get an email allegedly from PayPal telling you that some sort of action is required, don’t click the link. Go to your web browser, type in, go into your account and see what’s on there. And what all the institutions got to do is give people the education and even the opportunity to do independent verification of these messages.

A really good example in verification is I’ve had American Express call me up before and say we’re American Express, we’ve had a fraudulent transaction and we need to confirm your identity and when I challenged them on, they said “well, turn over your card and call us on the phone number on the back of your card.” That’s just fundamentally simple, that’s something that everybody gets and it is an independent means of verifying the authenticity of the caller.


To participate in the discussion
log in or register
Заголовок открываемого материала