Any significant event is usually (ab)used by cybercriminals that seek to take advantage of people looking for information, tickets, or news.
In less than two weeks, the largest sporting event in the world will begin: The FIFA World Cup 2022. According to official data, the last time it took place (in Russia during 2018), the tournament was followed by nearly 3.6 billion people, and the final match alone was watched by more than 1 billion. Despite the upcoming World Cup being controversially discussed due to human rights abuses in Qatar, it will certainly be followed by a massive audience.
Any significant event is usually (ab)used by cybercriminals that try to take advantage of users looking for information, tickets, or news. We have to be ready, and that’s why we’ll explore the different types of scams and threats that we’ll eventually have to face, from ticket scams to SEO poisoning, lottery scams, phishing, and malware distribution.
We’ve seen this threat at all kinds of events, festivals, and concerts, and the World Cup won’t be an exception. People are susceptible to FOMO (fear of missing out) and scammers will use it against them to offer victims sold-out tickets. This one is easy to avoid: no tickets are sold or resold outside of the FIFA purview, if you want to acquire tickets, go to the official site. Otherwise, don’t say we didn’t warn you.
Many people would love to go to see their national team, so it is the perfect time for cybercriminals to organize a lottery offering the opportunity to win flights, hotels and match tickets. If you come across some of this my advice is think the worst and you won’t be far wrong. It is true however that there could be legitimate lotteries and usually some research on the Internet will help us find out if that’s the case.
The top searchers during the weeks of the tournament will be about matches, results and news around the World Cup. Search engine optimization (SEO) is the technique used to make websites more relevant to search engines and appear on the first page of results to gain clicks and visitors. Cybercriminals have used SEO poisoning for years trying to position their malicious website among the top results to lure victims to visit their pages for different nefarious purposes, from stealing credentials to installing malware. Don’t blindly trust search results and take a look at the URLs before proceeding to click on them.
All social networks will be flooded with football content, from TikTok to Facebook. More and more people use social networks as their main source of news, and we can expect some abuse by the bad guys, from spreading misinformation to malicious offers like the ones described above.
Phishing and malware
Expect to get messages via ads or email using news about the World Cup, inciting to click on links or download and run files, all with the aim of stealing your credentials or infecting your devices.
Finally, here are some tips that will help you stay safe online during the upcoming event and beyond:
- Stick to official sites and app marketplaces when downloading software and updates, avoid downloading apps from third parties. This puts your device at risk of being infected by malicious software or malware which may allow hackers to gain control over your device and access your data.
- Avoid clicking on suspicious links, such as links sent from unknown senders, regarding purchases, for example, that you did not make, or related to accounts you do not have, or links that do not match the service being referred to in messages. This allows cybercriminals to access your information and install spyware, ransomware or any type of malware on your devices.
- Enable two-factor authentication wherever possible. This adds an extra layer of protection on your device. If a hacker gains access to your account by securing confidential passwords, the intruder will no longer be able to access your information as a password is not enough, the owner of the account must approve the second factor.
- Use a strong and unique password when you create an online account, or even better, use a password manager to take care of this for you. Passwords act as the first line of security against hackers accessing your devices and personal data.
- Use a reliable antivirus or security software. This allows continuous protection against online threats or attacks by detecting and taking action against malicious software on devices. Antivirus software is an essential step to maintaining full protection over your information and having a good security strategy.