Companies are considering blocking access to fantasy football sites
because of security and productivity concerns.
Sophos, a world leader in IT security and control, is urging
online fantasy sports fans around the world to rethink their game
strategies as league profiles could be used for targeted phishing
attacks stemming from information posted on these sites.
Research conducted by Sophos has discovered that players of
online games like Fantasy Football often post their real names,
email addresses and even phone numbers. This information paired
with personal preferences, such as favorite teams and players,
provides a cybercriminal with all the information needed to design
and orchestrate a successful phishing campaign that could steal
additional personal information, illicit money or load malicious
spyware or viruses onto a desktop.
In the US, the National Football League (NFL) is now top of mind
for millions of sports enthusiasts. Spam messages offering fantasy
football newsletters, player statistics and inside information on
rising NFL stars can be crafted to look like something a fantasy
player would typically register for, increasing the likelihood of a
click through from the spam message. However, these emails could
contain malicious content or hyperlinks designed to infect
computers with spyware or steal passwords and username
information.
For example, an NFL-themed version of the Storm
worm (also known as Dorf), has in recent days been spammed to
fans under the guise of a game ticker when in reality it contains
malicious links that can lead to denial-of-service attacks.
A recent survey by Sophos has revealed that many workers are
accessing Fantasy Sports websites from the office, potentially
putting their company's data at risk. Sophos's survey discovered
that:
- More than 70% of employees polled participate in fantasy sports
leagues
- 65% of those monitor their team's performance from the
office
"As fantasy sports leagues are gaining popularity everywhere,
it's imperative that users remain educated on potential security
threats that could arise from fantasy play," said Ron O'Brien, senior security
analyst at Sophos. "Fantasy players should be extremely cautious
about the information they provide in their profiles and should
also review and utilize the security settings provided by each
fantasy league. Knowing someone's favorite football team and email
address increases a hacker's success rate by playing off a person's
interests."
In a separate survey, Sophos has revealed that a total of 65% of
administrators said that employees should not be able to access
fantasy leagues websites from the workplace:
Survey results
Do you think people in your company should be
allowed to access Fantasy Football/Baseball/Hockey websites at
work?
|
| Yes |
|
|
| No |
|
|
| No, and I'm sick of
people wasting time at work! |
|
|
Sophos online survey, 200 respondents, 6 - 11
September 2007.
"It's clear that businesses are seriously considering
restricting access to these kinds of sites. Employees may not like
it, but websites like these can represent a security risk if used
carelessly. Unless there's a work purpose, many firms do not see
any reason why staff should need to access them during work time,"
continued O'Brien. "Companies are increasingly looking to secure
and control their workers' web activity because of the impact it
can have on the company in terms of productivity, bandwidth and
security."
To avoid personal or corporate security risks, Sophos reminds
users to always verify the authenticity of any message they receive
prior to clicking any links or opening attachments.
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend
against the threats of spam, hackers, spyware and viruses.
Disclaimer: Please bear in mind that this poll is not
scientific and is provided for information purposes only. Sophos
makes no guarantees about the accuracy of the results other than
that they reflect the choices of the users who participated.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.