World Cup 2018 Phishing Scams

The 2018 World Cup is just two weeks and the media frenzy surrounding the soccer extravaganza is already reaching fever pitch. Sadly, Kaspersky Lab has already identified several World Cup 2018 phishing scams, with many of the early scams using emails to direct soccer fans to malicious websites offering the chance to purchase tickets for the matches.

With tickets for the big matches scarce and demand far exceeding supply, many fans are turning to touts to buy tickets to the big games. Steps have been implemented by FIFA to make it more difficult for ticket touts to operate, such as only permitting one ticket for a game to be obtained by any football fan. That individual is also identified on the ticket. However, it is still possible for consumers to purchase tickets for guests and touts are taking advantage. The price for guest tickets is very high – up to ten times face value – and that price will likely rise as the event becomes closer.

Such high prices mean the opportunity of getting a cheaper ticket may seem too good to miss. However, there are a multitude of hackers who have registered websites and are posing as touts and third parties that have extra tickets.

Buying a ticket through any site other than the official FIFA is a massive risk. The only guarantee is that the price paid will be a great deal higher, but there are no guarantees that a ticket will be issued after payment is made. Even if a ticket is bought from an unofficial seller, it may turn out to be a fakeand, in addition, paying with a credit or debit card could result in bank accounts emptied.

Kaspersky Lab discovered large numbers of malicious domains created and loaded with phishing pages to target the rush to buy tickets ahead of the tournament. The websites are very like the official site.To add credibility, domains have been bought that include the words worldcup2018 and variations along that theme. Cheap SSL certifications have also been purchased, so the fact that a website address begins with HTTPS is no guarantee that a site is authentic. Tickets should only be bought through the official FIFA website.

Standard security best practices should be implemented to assist soccer fans avoid World Cup 2018 phishing scams. Make sure you:

  • Only purchase tickets from the official FIFA website
  • Only reserve travel and accommodation from trusted vendors and carefully consider the vendors online before making a purchase
  • Never purchase products or services advertised in spam email campaigns
  • Never click on attachments in World Cup-themed emails from unknown sources
  • Do not visit hyperlinks in emails from unknown sources
  • Never visit a hyperlink until you have reviewed the true domain and avoid visiting shortened URLs
  • Ensure all software, including web browsers and plugins, is patched and kept fully updated
  • See to it that anti-virus software is downloaded and kept up to date
  • Think about implementing a third-party spam filtering solution to stop spam and malicious messages. This is especially important for businesses to stop employees from being duped into installing malware on work devices
  • Remain cautious! If an offer seems to good to be true, it probably is
Link copied to clipboard
Photo of author

Posted by

Elizabeth Hernandez

Elizabeth Hernandez is a news writer on Defensorum. Elizabeth is an experienced journalist who has worked on many publications for several years. Elizabeth writers about compliance and the related areas of IT security breaches. Elizabeth's has a focus data privacy and secure handling of personal information. Elizabeth has a postgraduate degree in journalism. Elizabeth Hernandez is the editor of HIPAAZone.