Major sporting events attract fans and cybercriminals alike. Earlier this year, attackers targeted the 2018 Winter Olympics in Pyeongchang; now their sights are on the 2018 FIFA World Cup. Soccer-related spam is ramping up ahead of the event, which begins in less than two weeks.
Kaspersky Lab researchers have identified phishing emails and fraudulent Web pages promising fake giveaways and the option to buy sought-after "guest tickets," which are both overpriced and likely to be unusable due to strict registration and transfer rules. Attackers are stealing both money and fans' private information, including credit card data they can sell for additional profit.
When World Cup tickets became available, the official FIFA website was overloaded and connectivity was poor, experts explain. Criminals used the window of opportunity to snatch up tickets with the goal of selling them to those who missed out. Hundreds of domains with wording related to the World Cup are offering tickets for up to ten times their actual cost, and there is no guarantee the resold tickets will work at the game: FIFA requires that each ticket is assigned to the holder's name.
Kaspersky Lab urges fans to only buy tickets from official sources and verify the website address and links while shopping. Further, fans shouldn't click links in emails, texts, or social media posts from people or organizations they don't know, or which seem suspicious.
Read more details here.