SDA India is an online resource for Software, Development,IT, Architecture, Open Source, Mobile, Security, Databases, Delphi, C, OS, Asp, .Net, Php, Xml, Java
Analyst Corner
Beware Of Online Fantasy Games: Sophos
Sophos has urged online fantasy sports fans around the world to rethink their game strategies as league profiles could be used for targeted phishing attacks stemming from information posted on these sites.
Research conducted by Sophos has discovered that players of online games like Fantasy Football often post their real names, email addresses and even phone numbers. This information paired with personal preferences, such as favourite teams and players, provides cybercriminal with all the information needed to design and orchestrate a successful phishing campaign that could steal additional personal information, illicit money or load malicious spyware or viruses onto a desktop.
In the US, the National Football League (NFL) is now top of mind for millions of sports enthusiasts. Spam messages offering fantasy football newsletters, player statistics and inside information on rising NFL stars can be crafted to look like something a fantasy player would typically register for, increasing the likelihood of a click through from the spam message. However, these emails could contain malicious content or hyperlinks designed to infect computers with spyware or steal passwords and username information.
For example, an NFL-themed version of the Storm worm (also known as Dorf), has in recent days been spammed to fans under the guise of a game ticker when in reality it contains malicious links that can lead to denial-of-service attacks.
A recent survey by Sophos has revealed that many workers are accessing Fantasy Sports websites from the office, potentially putting their company's data at risk. Sophos's survey discovered that:
* More than 70% of employees polled participate in fantasy sports leagues
* 65% of those monitor their team's performance from the office
"As fantasy sports leagues are gaining popularity everywhere, it’s imperative that users remain educated on potential security threats that could arise from fantasy play," said Ron O'Brien, senior security analyst at Sophos. "Fantasy players should be extremely cautious about the information they provide in their profiles and should also review and utilise the security settings provided by each fantasy league. Knowing someone’s favorite football team and email address increases a hacker’s success rate by playing off a person’s interests."
In a separate survey, Sophos has revealed that a total of 65% of administrators said that employees should not be able to access fantasy leagues websites from the workplace:
"It's clear that businesses are seriously considering restricting access to these kinds of sites. Employees may not like it, but websites like these can represent a security risk if used carelessly. Unless there's a work purpose, many firms do not see any reason why staff should need to access them during work time," continued O'Brien. "Companies are increasingly looking to secure and control their workers' web activity because of the impact it can have on the company in terms of productivity, bandwidth and security."
To avoid personal or corporate security risks, Sophos reminds users to always verify the authenticity of any message they receive prior to clicking any links or opening attachments.
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.
Research conducted by Sophos has discovered that players of online games like Fantasy Football often post their real names, email addresses and even phone numbers. This information paired with personal preferences, such as favourite teams and players, provides cybercriminal with all the information needed to design and orchestrate a successful phishing campaign that could steal additional personal information, illicit money or load malicious spyware or viruses onto a desktop.
In the US, the National Football League (NFL) is now top of mind for millions of sports enthusiasts. Spam messages offering fantasy football newsletters, player statistics and inside information on rising NFL stars can be crafted to look like something a fantasy player would typically register for, increasing the likelihood of a click through from the spam message. However, these emails could contain malicious content or hyperlinks designed to infect computers with spyware or steal passwords and username information.
For example, an NFL-themed version of the Storm worm (also known as Dorf), has in recent days been spammed to fans under the guise of a game ticker when in reality it contains malicious links that can lead to denial-of-service attacks.
A recent survey by Sophos has revealed that many workers are accessing Fantasy Sports websites from the office, potentially putting their company's data at risk. Sophos's survey discovered that:
* More than 70% of employees polled participate in fantasy sports leagues
* 65% of those monitor their team's performance from the office
"As fantasy sports leagues are gaining popularity everywhere, it’s imperative that users remain educated on potential security threats that could arise from fantasy play," said Ron O'Brien, senior security analyst at Sophos. "Fantasy players should be extremely cautious about the information they provide in their profiles and should also review and utilise the security settings provided by each fantasy league. Knowing someone’s favorite football team and email address increases a hacker’s success rate by playing off a person’s interests."
In a separate survey, Sophos has revealed that a total of 65% of administrators said that employees should not be able to access fantasy leagues websites from the workplace:
"It's clear that businesses are seriously considering restricting access to these kinds of sites. Employees may not like it, but websites like these can represent a security risk if used carelessly. Unless there's a work purpose, many firms do not see any reason why staff should need to access them during work time," continued O'Brien. "Companies are increasingly looking to secure and control their workers' web activity because of the impact it can have on the company in terms of productivity, bandwidth and security."
To avoid personal or corporate security risks, Sophos reminds users to always verify the authenticity of any message they receive prior to clicking any links or opening attachments.
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.
Related Links
None
