Excitement is reaching fever pitch as football fans around the world count down the days until the FIFA World Cup kicks off in Russia.
The massive sporting event is gaining worldwide attention and is already proving to be a major magnet for cybercriminals as they target unsuspecting fans with mass phishing scams aimed at stealing personal information and spreading malware.
Fraudsters are taking advantage of the huge worldwide demand for tickets, accommodation and flights to trick victims into clicking on malicious links.
The attackers have not limited themselves to one particular type of scam and have in turn launched a range of attacks to dupe unsuspecting fans.
One of the most common forms of attack used by the scammers has been sending victims fraudulent emails notifying them of lottery wins supposedly held by FIFA and official partners and sponsors such as VISA, Microsoft and Coca-Cola.
The emails are extremely well crafted and contain attachments, such as PDF or DOCX documents, that congratulate the winner and ask them to enter contact details such as a name, address or date of birth in order to receive their prize.
The fraudsters will then use this information to commit identity fraud or sell it on the dark web; alternatively, the malicious attachments may carry Trojans that directly infect the victim’s computer.
Source: Kaspersky Lab
Another common attack method used is the creation of fake websites that imitate official partner websites. Official partners of the FIFA World Cup will often arrange ticket giveaways for clients and fraudsters have exploited this to lure victims on to the fake sites.
The websites will appear legitimate and contain the official logos of partners with a well-designed working interface. To make their sites seem as credible as possible, the cybercriminals register domain names containing the words “worldcup”, “world”, “FIFA” and “Russia” to fool unsuspecting users into thinking they are legitimate sites.
Users will then be directed straight through to a phishing site which will steal their data and extort money. Tickets for the World Cup can only be bought on the official FIFA website. Despite sites claiming they have match tickets available, all official tickets will be personalised, and fans will need to show an ID matching the information on their ticket.
Cybercriminals put a lot of effort into making their sites seem as legitimate as possible and have even been acquiring the cheapest SSL certificates available to give them the all-important HTTPS in front of their web address. This tricks users into thinking they are on a safe and secure site.
Another way the scammers try to obtain personal information is by mimicking official FIFA notifications. Users are informed that the system is being updated and that all personal information must be updated to prevent being locked out. The link then directs users to a fake account page which steals their personal information.
Source: Kaspersky Lab
Cybercriminals are opportunistic and are quick to take advantage of any major events or global issues that are taking place to launch their online scams. This has been evidenced recently by the massive increase in phishing scams in the run-up to the GDPR deadline.
We can expect the number of phishing attacks to shoot up in the next fortnight as football fans go online to book last-minute tickets, flights and accommodation. To avoid falling victim to the World Cup phishing scams, there are a number of steps you should follow:
- Only buy tickets from the official FIFA website or official ticket retailers
- Never click on suspicious links or download attachments from unknown sources
- Use a credit card or debit card to book travel arrangements, as these offer additional protection over other forms of payment.
- To make sure the site you are on is safe and secure, look at the domain’s WHOIS data. Fake websites tend to be recently registered, their owners are private individuals, and detailed information about the owner is hidden.
- To assess the validity of a link, hover your mouse over it without clicking; the full hyperlinked address should appear. If that URL does not match the address displayed in the message, it is an indication that the message is fraudulent and likely to be a phishing email.
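The last two checks above (compare the real link target against the address displayed in the message, and be wary of lookalike domains built from words such as “worldcup”, “FIFA” and “Russia”) can be automated over an email body. The following Python example is added here and is not part of the original post; the sample HTML, the keyword list and the assumption that only fifa.com counts as an official host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a phishing-style email body (not a real message).
SAMPLE_EMAIL_HTML = """
<p>Congratulations! Claim your prize at
<a href="http://worldcup-fifa-russia2018-prizes.example">https://www.fifa.com/worldcup/tickets</a></p>
<p>Official site: <a href="https://www.fifa.com/worldcup">https://www.fifa.com/worldcup</a></p>
"""

LOOKALIKE_KEYWORDS = ("worldcup", "fifa", "russia")
LEGITIMATE_HOSTS = ("fifa.com", "www.fifa.com")  # assumption: only the official host is trusted


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from every <a> tag."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    return (urlparse(url).hostname or "").lower()


def check_links(html):
    """Return [(href, [reasons])] for anchors that fail the two checks."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = []
        href_host = _host(href)
        # The "hover" check: displayed URL host differs from the real target host.
        if text.startswith(("http://", "https://")) and _host(text) != href_host:
            reasons.append("displayed URL does not match link target")
        # Lookalike check: World Cup keyword on a host that is not the official domain.
        if any(k in href_host for k in LOOKALIKE_KEYWORDS) and href_host not in LEGITIMATE_HOSTS:
            reasons.append("lookalike keyword on unofficial domain")
        if reasons:
            findings.append((href, reasons))
    return findings
```

Running `check_links(SAMPLE_EMAIL_HTML)` flags only the first link, for both reasons; the genuine fifa.com link passes.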
For further information on how to protect yourself from phishing and ransomware attacks, click here to find out how MetaCompliance can help.