loader gif

FIFA World Cup 2018: Cybercriminals kick off themed online scams using fake tickets and travel websites

FIFA World Cup 2018: Cybercriminals kick off themed online scams using fake tickets and travel websites

In less than a month, the heavily anticipated 2018 FIFA World Cup in Russia will soon captivate millions of football fans around the globe as 32 national teams battle it out for the top spot. As is the case with most popular, heavily covered events, the soccer extravaganza is also a particularly lucrative opportunity for fraudsters and cybercriminals to exploit.Kaspersky Lab researchers say scammers have already begun heavily targeting fans using World Cup-themed spam emails and phishing pages, particularly during match ticket sales.

"Every time tickets went on sale, fraudsters mailed out spam and activated clones of official FIFA pages and sites offering fake giveaways allegedly from partner companies. But as the event draws nearer, cyber scams are reaching fever pitch," researchers said in a Monday blog post.

One type of soccer-themed spam email observed by researchers notifies recipients that they have won cash in a lottery purportedly held by FIFA, its official partners and sponsors like Microsoft, Visa, Coca-Cola and Microsoft. The message typically comes with a PDF or DOCX document congratulating the "winner" and prompts them to send over their contact details to receive the cash prize. In some cases, the recipients are also asked to part the bank transfer fees or a part of the postage costs.

While these mail campaigns typically focus on harvesting users' personal and financial information, along with a small sum of money, the attachments may also be laced with malware such as Trojan Banker programs.

Another commonly used spam email involves an offer to participate in a ticket giveaway or win a trip to a match. The victims are usually asked to register on a fake promotion page where they hand over their personal details, or forward their contact details to the "organizers."

"Such messages are sent in the name of FIFA, usually from addresses on recently registered domains," researchers said. "The purpose of such schemes is mainly to update email databases so as to distribute yet more spam."

Researchers have also observed plenty of advertising spam promoting offers for soccer merchandise plastered with official logos, match tickets, travel packages from different tour operators, and transport or accommodation services.

In many cases, the messages for these spam ads resemble mailings from the official FIFA store. In others, the spam email just uses the World Cup in the subject line to attract attention and lure fans, but actually promote a different product.

Cybercriminals are also using fake, cloned websites of FIFA or official partners to dupe victims as well. Complete with a well-designed, working interface and stolen logos, these fake promotion websites promise tickets and other giveaways for visitors but actually aim to steal your personal, financial and bank card credentials.

To make these websites appear credible, cybercriminals register domain names that combine keywords like "world", "worldcup", "Russia" and "FIFA" and acquire cheap SSL certificates to get "HTTPS" in front of their address to seem legitimate and safe.

Fraudsters also use cleverly designed "official" FIFA notifications and fraudulent Visa prize giveaways, exploiting the tournament's commercial sponsor to appear legitimate and trick victims.

"Scammers also try to extract data by mimicking official FIFA notifications. The victim is informed that the security system has been updated and all personal data must be re-entered to avoid lockout," researchers warn. "Cybercriminals are particularly keen to target clients of Visa, the tournament’s commercial sponsor, and offer prize giveaways in the name of this international payment heavyweight."

In late May, researchers said phishing emails offering free or cheap flights from major airlines have become quite popular in the weeks leading up to the tournament. As the event draws near, cybercriminals are expected to expand these campaigns to target as many users as possible using multiple domain names, social engineering tactics and increasingly enticing "special offers" to lure victims.

Users are advised to be wary of any too-good-to-be-true deals or offerings related to the 2018 FIFA World Cup and carefully check the addresses of links in notifications, emails or websites - even from known services. Beware of links and attachments in emails from unknown senders and only purchase merchandise and tickets from the official FIFA website and stores.

loader gif