32 nations are gearing up for the 2018 FIFA World Cup, and so are hundreds of thousands of eager hackers and scammers looking to take advantage of the carnival atmosphere.
Any major international event is always going to attract characters looking to scam those a little less vigilant when their guard is down, but the FIFA World Cup is arguably the biggest global event rivalled only by the Olympics.
This summer, while thousands of people will descend on Russia, millions more will be following online and leaving themselves open to scamming or hacking, thinking a site or link they are clicking takes them to the latest World Cup news.
Without a shadow of a doubt, fraudsters will attempt to gain access to your personal data – typically, credit card details or login credentials – using various methods.
Thankfully, the team over at ESET Ireland has revealed just a small number of the possible threats for you to watch out for.
The fact is that when demand outstrips supply of various sporting wares – whether it be tickets or football jerseys – fraudsters step into the fray with bogus links offering a cut-price deal that seems too good to be true, because it usually is.
These ‘bargains’ are typically hawked via fraudulent emails or social media posts, ESET Ireland said.
If users click on the provided link, they may end up as victims on a phishing website convincingly imitating World Cup branding, requesting input their personal information and payment card details.
It is also pretty common for fraudsters to accurately imitate official FIFA sites and those of its sponsors to tell you that you’ve unexpectedly won tickets or merchandise. For your ‘prize’ to be released, they will ask for your personal details and/or request a payment upfront in a kind of ‘advance-fee scam’.
Fan ID scams
While it is unlikely many Irish fans will be willing to make the trip over to Russia after the annihilation the national squad faced at the hands of the Danes last year, many other people from across the world will require a ‘Fan ID’. This is an identification document required by Russian authorities to gain admittance to a match along with a valid ticket, which many people might be duped into buying online thinking it is the real thing.
With a banking trojan implanted on your machine after you open the attachment or click the link, the attackers may extract your financial information.
The campaign tries to convince potential victims that they were selected to participate in a small survey and, once completed, they are requested to share said survey with their contacts. This helps the virus spread without the initial sender having to do the dirty work.
The only effective way of protecting yourself from these scams is to be super vigilant about any strange links you are sent, and don’t assume that a website is legit just because it has that comforting green padlock to the left of the URL (ie the HTTP Secure/HTTPS sign) as scammers are increasingly embracing the ‘safer’ standard.