New Phishing Scams Plague World Cup

By:  |  Category: Blog Wednesday, June 6th, 2018  |  No Comments
World Cup

It’s soccer time!

The 2018 FIFA World Cup attracts a worldwide audience. It’s also a magnet for phishing scams using event tickets as bait.

Tickets for the matches can only be purchased through the FIFA website using a multilayered process. This is done for both business and security reasons. Individuals are permitted to buy one ticket only, and then, once that purchase is complete, they’re permitted to buy three additional guest tickets registered for specific individuals.

As soon as tickets went on sale, the FIFA website experienced a massive surge.

Unfortunately, regular attendees and criminals  purchased legitimate tickets to use as bait for unsuspecting fans. Fraudsters set up a large number of domains relating to the World Cup to sell their guest tickets.

These sites offered tickets well above face value. Kaspersky labs experts noted some ticket prices as high as 10 times the original cost. The sites required full payment up front for the tickets, which were often replaced with phony unusable duplicates, or never delivered at all.

Once the money was gone and payment information compromised, the site would disappear.

Kaspersky lab spokesman Andrey Kostin noted this type of cyber fraud can lead to further theft. It’s not innocent ticket scalping. Kostin urged soccer fans to be extra vigilant when buying tickets, and to work only with authorized sellers.

This your run of the mill ticket scalping. It’s not like you would hand over your credit or debit card over to a scalper standing in a stadium parking lot, right? Unfortunately, what you’d be doing if you buy from World Cup scalpers on a compromised site.

As a rule of thumb, scams follow major events.

Here are some protective steps to practice, not only for the World Cup, but for everything from a minor league hockey game to the America’s Cup yacht races:

Only purchase tickets from official sources. Check the site address.

Don’t click on links in event-themed emails, texts, or instant messages.

Consider using a separate bankcard and account with a limited balance specifically for on-line purchase.

De-risk your data by installing a reliable security solution with up to date information on phishing sites.

Last, training against social engineering never hurts.

Full story at The Mercury:

If you need assistance with a cyber solution give EnhnacedTECH a call at 714-970-9330 or contact us at [email protected]


Leave a Comment
Read previous post:
Should I Unplug my Router?

At our cyber security breakfast with FBI Agent Todd Munoz, one of the big questions that came up was how...