BOSTON -- Sophos, a world leader in IT security and control, is urging online fantasy sports fans around the world to rethink their game strategies as league profiles could be used for targeted phishing attacks stemming from information posted on these sites.
Fantasy players post their names, email addresses and even phone numbers. This information paired with personal preferences, such as favorite teams and players, provides a cyber predator all the information needed to design and orchestrate a successful phishing campaign that could steal additional personal information, illicit money or load malicious spyware or viruses onto a desktop.
In the US, the National Football League (NFL) is now top of mind for millions of sports enthusiasts. Spam messages offering fantasy football newsletters, player statistics and inside information on rising NFL stars can be crafted to look like something a fantasy player would typically register for, increasing the likelihood of a click through from the spam message. However, these emails could contain malicious content or hyperlinks designed to infect computers with spyware or steal passwords and username information. For example, recent media reports have identified an NFL-themed version of the Storm Worm, which is spamming fans under the guise of a game ticker when in reality it contains malicious links that can lead to denial-of-service attacks.
A recent survey by Sophos concluded:
"As fantasy sports leagues are gaining popularity everywhere, it's imperative that users remain educated on potential security threats that could arise from fantasy play," said Ron O'Brien, senior security analyst with Boston-based Sophos. "Fantasy players should be extremely cautious about the information they provide in their profiles and should also review and utilize the security settings provided by each fantasy league. Knowing someone's favorite football team and email address increases a hacker's success rate by playing off a person's interests."