Opportunity presents itself in the form of the World Cup.
Scammers are flocking to the Internet, making the most of the hype in this year's soccer tournament. Reports say that there are over 16,000 sites that aim to scam soccer fans, as well as several fake advertisements. These schemes all lead to opportunists planning to steal private information or money.
One Tournament, Different Goals
With estimated live attendees of a million and over one billion viewers globally, fraudsters are presented with a wide array of potential victims. Group-IB, a cybersecurity firm, found around 16,000 domain sites that are dedicated to stealing data information or payment details. Social media marketplaces have also been riddled with 130 fake advertisements.
Threat actors created these ads to increase the number of people visiting fake websites, where it would appear as if they were selling official World Cup merchandise. Those who intend to buy the merchandise will either pay the fraudster directly or opt for a credit card. The hackers use Redline and Erbium, which are both information-stealing malware, as mentioned in Gizmodo.
Since fans would like to see the action as close as possible, many try their best to score the most expensive seats. This brings in several chances for scammers to sell fake tickets to fans who desperately want a ticket. Researchers have already found more than five websites dedicated to scamming ticket buyers.
Transactions are also done with various social media accounts, wherein the threat actor would converse with potential victims via WhatsApp or Facebook Messenger. After providing supposed legitimate details, buyers would eventually bite and provide their personal information or payment details.
Scammers are not limited to social media and websites since reports say that there are around 40 fake apps related to the FIFA World Cup. Tickets are being sold through the app as well. There is also evidence of fake jobs being posted, aiming to steal data from those who are looking for jobs at the tournament.
Scams to Watch Out For
One of the most prominent scams out there about the World Cup ticket sales. The best way to avoid scams is to purchase directly from the official website. Keep in mind that there are no tickets sold or resold anywhere else but on the website. Sure, there are legitimate scalp tickets that sell at a higher price sometimes, but why risk it?
Threat actors also have access to resources for search engine optimization (SEO). This means that they can utilize certain tools, to look for the most searched topics. Since the FIFA World Cup is all the rage right now, they will position fake websites on the top of search results to gain more visitors and page clicks, according to Avast.
Of course, phishing and malware won't be absent. Since fans want the latest news about the soccer tournament, cyberattackers will send out emails that have FIFA World Cup content. If you're instructed to download files or click links, it's best to stay away from it, as it is one of the methods to steal your private data.