By: Tomáš Foltýn, Security Writer for welivesecurity.com
Now that the 2018 FIFA World Cup is underway in Russia, it’s easy to get carried away by all the excitement, which is what scheming fraudsters are counting on. While you’re distracted by the hype of all things soccer, they’re focused on implementing a variety of sneaky methods to gain access to your personal data – typically login and credit card details.
Whether you’re lucky enough to travel to experience the matches in person or are watching from home or your favourite sports bar up the street, stay on high alert for foul play off the field as well as on.
The first line of defence against potential cybersecurity risks is being aware of the various World Cup scams currently being used:
STING IN THE TAIL
Imagine you’re all fired up about the World Cup and you conveniently receive an email from a legit-seeming address or see a social media post with a link to an amazing ticket-inclusive hospitality package or a cheap match ticket deal. Jackpot!
You’re then directed to a convincing imitation (if not an outright duplication) of an official-looking World Cup page that is actually a phishing site. Once you enter your personal information to access the deal, instead of receiving your “tickets” (as you’ve been led to believe), your bank account is raided.
You’d be hard-pressed to find someone who doesn’t daydream of winning the lottery. Fraudsters prey on those hopeful sentiments by impersonating FIFA, sponsors, and partners of the event – such as Visa, Adidas and Coca-Cola – in communications congratulating fans on “winning” a lottery. However, the release of the “prize” requires your personal details or a payment upfront, which is a variation of an “advance-fee scam”.
Even if you have no intention of visiting the World Cup venue, watch what you click. Malicious links and attachments may be hidden within a seemingly innocuous email containing relevant content about the game, and through them malware, such as a banking Trojan, can be implanted into your device to extract your financial information.
While watching matches from the comfort of your own home means you sidestep the headache of fake tickets or IRL pickpockets, you should still be on guard when using live-streaming websites. In order to watch for free, you’ll be prompted to download additional software or to update existing software (such as Flash Player), and in doing so inadvertently compromise your tech with malware or harmful software like a browser hijacker.
Scam artists can also set up generically named, rogue Wi-Fi hotspots as decoys to gain access to your personal data when you connect. Even a legitimate public Wi-Fi network that isn’t properly secured can be compromised by malicious external parties, who intercept the data in the middle of its travels.
Russian law enforcement has even released a warning about fraudsters buying retired cash machines with the purpose of refitting them to target World Cup attendees. Using tools such as fake keypads or hidden cameras, the ATM can sneakily swipe your payment card information without you noticing.
SHOW THE RED CARD TO SCAM ARTISTS
Here are some tips from cybersecurity professionals to stop the scammers in their tracks and protect your private and personal information.
- Only purchase tickets through the official FIFA site; ticket-inclusive hospitality packages are exclusively available through an appointed company and its sales agents.
- Some of the most effective methods for fraud have been around for several decades, so start recognizing the standard language used in phishing messages.
- Does an offer sound too good to be true? It probably is. Any request for sensitive information should be regarded with suspicion. Legitimate organizations, such as banks, will never ask for private details over an unsecured connection like email.
- Don’t make assumptions of legitimacy based on appearances alone. A secure connection and a secure site are not the same thing, and a site showing up in Google doesn’t validate it. Scammers are embracing HTTPS and employing SEO strategies to boost their rankings.
- Avoid online banking and personal shopping while using public Wi-Fi networks. Even if they haven’t been tampered with by cybercriminals, they still leave you vulnerable simply because they are unsecured.
- With regard to refitted ATMs, use the ones in high-traffic areas and inspect the machine to see if there’s any indication that it’s been meddled with.