The 2018 FIFA World Cup isn’t just a haven for soccer fans – according to Israeli cyber security firm Cyberint, it’s a haven for cyber criminals too.
According to Cyberint, what the company calls the World Cup’s “cyber environment” – which includes nearly 800 domains using FIFA-related terms – includes 76 unofficial streaming video sites, 32 unofficial merchandise sites, 12 suspended hosting accounts, 11 gambling sites, and nine “suspicious” sites.
“A global sports event of this magnitude, much like the PyeongChang 2018 Olympic Winter Games, is always a tempting target for cyber threat actors,” Cyberint CEO Amir Ofek said in a July 12 statement. ”Unfortunately, in the case of FIFA, the criminals raised the bar.”
While Cyberint has not identified any specific World Cup-related phishing links circulating through email inboxes, the company warns that unofficial merchandise, streaming, and gambling sites are often fronts for making fraudulent charges or stealing personal or financial data.
Most, if not all, of the video streaming sites identified redirect to suspicious, low-reputation “download” sites that claim to offer access to potentially copyright-infringing content or charge payment cards after a “trial period,” it notes.
“Criminals will always try to exploit a major event that attracts thousands, all of whom are viewed as sheep waiting to be fleeced for huge profits,” Ofek said. “The world’s upcoming biggest sporting event is the 2020 Tokyo Olympic games, and the threat actors are already preparing their grounds and tool sets to attack ticket buyers, fans, and VIPs.”
Cyberint summarized its findings in a handy infographic, which you can view below.