With the World Cup 2018 just over two weeks away, drawing more than five million people to Russia alongside a worldwide TV and online audience in the billions, experts at Kaspersky Lab have detected an increase in phishing emails and web pages from fraudsters offering people the chance to snap up much sought-after tickets.
As cyber scams reach fever pitch, Kaspersky Lab published, on SecureList, detailed examples of fake lottery win notifications, advertising spam and emails from attackers impersonating FIFA and official sponsors.
David Mole, Head of Sales UKI at Kaspersky Lab, warned: “With an event such as the World Cup, there is a high risk that football fans will pay extortionate prices – only to end up with fake tickets.”
“Once a hacker has your payment details, it can lead to them stealing your money. We urge people to be cautious and vigilant when they buy tickets.”
“The first step is using authorised sellers to avoid getting duped.”
This event is particularly interesting because there are a number of obstacles complicating the process of buying tickets. For instance, tickets can only be purchased on the official FIFA website and the procedure is multilayered and sophisticated for security reasons.
Ordering a ticket takes place in three stages and only one ticket per person is allowed.
The exception to this is guest tickets, which allow the purchaser to buy up to three additional tickets.
However, these are registered to specific names, and the name can only be changed if the holder applies to transfer the ticket to another recipient.
Despite this complicated process, fraudsters have used this to their advantage.
These offers come at a higher price than fans are bargaining for, with some tickets being advertised for up to ten times their face value.
Fake lottery win notifications
One of the other main types of World Cup-related email fraud is spam informing recipients of cash winnings in lotteries supposedly held by FIFA or official partners.
These messages often contain malicious attachments aimed at getting the “winner” to forward sensitive contact details in order to receive the prize. Sometimes recipients are asked to pay a part of the postage or bank transfer fees.
Another type of common spam fraud is an offer to take part in a ticket giveaway or win a trip to a match.
Victims are required either to register on a fake promotion page and provide an email address, or, as in the case of lottery emails, to send the “organisers” their contact details.
Such messages are sent in the name of FIFA, usually from addresses on recently registered domains. The purpose of such schemes is mainly to update email databases so as to distribute yet more spam.
Culture of fear
The findings by Kaspersky Lab are the latest in a string of instances highlighting cyber-related risks around the Russian-held event.
GCHQ’s National Cyber Security Centre (NCSC) has previously warned that this event is ripe for cyber-crime and has announced that it will be briefing the England players over PS4 and smartphone use.
Even people who plan to watch from home have been warned of shady livestreams that can pinch payment details.