Ensure cyber-criminals do not score with your data during 2022 FIFA world cup

With an estimated 5 billion people tuning in to the World Cup from across the globe, the event will undoubtedly take center stage over the next few weeks. As the teams progress through the tournament in a bid to make the final, fans will only become more invested in the success of their national squad, with many placing bets or even traveling to Qatar to show support in person. But, as the competition hots up, it’s important that fans remain vigilant against the increased cybersecurity risks posed by threat actors, who are taking advantage by launching numerous phishing campaigns.

What is Phishing?

Phishing is a type of cyberattack where malicious actors send messages pretending to be from a trusted person or company. Phishing messages are designed to manipulate a user into performing an action, such as downloading a malicious file, clicking a suspicious link, or divulging sensitive information. The basic delivery of a phishing attack is through SMS, email, social media, or other electronic communication means.

In a phishing campaign, the emails that the target receives will appear to come from a known contact or organization. Attackers often set up fake websites that resemble a trusted entity like the target’s bank, workplace, or university. Through these sites, attackers attempt to collect private information such as usernames and passwords, or payment information.

In this instance, many of the recent campaigns are related to the sale of last-minute tickets or announcing the win of a sporting bet. These messages or websites usually include malicious links that, once clicked, deploy malware and infect the device or ask for login details that hackers can then steal.

Here in India, an organization in India is being attacked on average 1798 times per week in the last 6 months, compared to 1126 attacks per organization globally, with 88% of the malicious files in India delivered via Email in the last 30 days. It is evident that such phishing emails would have reached online users in India already.

World Cup scams on the rise

Avanan, a Check Point company, has already reported an influx in phishing emails related to the World Cup, deployed in a variety of languages. Many of the scams reported have been centered around sports betting, trying to lure victims into handing over banking details. The images below highlight a few recent examples of hackers pretending to be legitimate betting sites.

In light of this recent wave of phishing scams, Check Point Software has provided three practical tips that allow fans to focus on the game:

1. Be aware of imitation: Many scam websites will use a domain name similar to the brand they are trying to replicate, but with additional letters or misspellings. To ensure that you are not handing over your banking information to scammers, pay attention to the URLs to check if there is anything unusual or suspicious. By taking a minute to look for tell-tale signs that a website may be fraudulent, you can quickly determine its legitimacy.  
2. Never share your credentials: Credential theft is a common goal of phishing emails. Many people reuse the same usernames and passwords across different accounts, so stealing the credentials for a single account is likely to give an attacker access to others. Not all attacks are direct either. Some phishing emails carry malware, such as keyloggers or trojans, that are designed to monitor when you type passwords into your computer. Never tell anyone your password, and, if an email sends you to a login page, visit the site directly and sign in from there to protect against lookalike phishing sites.
3. Secure your mobile device: With most of us now accessing our emails from our phones and with hackers now also sending malicious text messages, it’s important that our mobile devices are protected from the newest threats as well. Once granted access, a cybercriminal can steal an incalculable amount of information and a breach can even put the victim’s known contacts at risk. As a result, it is essential to make use of preventative mobile threat defense solutions that protect devices against advanced mobile threats.

Harish Kumar, Head, Enterprise, Check Point Software Technologies, India & SAARC, “The World Cup is a time when international communities come together, and we shouldn’t be discouraged from participating. However, you cannot ignore that cybercriminals will up the ante when they are presented with an opportunity to make a quick cash grab or steal credentials that they can sell on the Dark Web. This World Cup has already raised cybersecurity concerns, with many security experts warning the public over data privacy concerns with the official app. This, alongside the influx of phishing scams, means it is important that we take the necessary steps to keep ourselves protected.

“These recent campaigns act as a reminder to scrutinize any emails you receive and take a moment before clicking on a link or handing over your data. By focusing on preventative measures, we can still enjoy events such as the World Cup without the threat of a worrying cyberattack,” he further added.