Scammers using FIFA World Cup as a lure
Scammers using FIFA World Cup as a lure

The FIFA World Cup is set to start in less than two weeks, and just like the Seoul Winter Olympics cybercriminals are lining up to take advantage of fans searching for tickets or deals.

Kaspersky Labs has put together a long list of World Cup-related scams that should make anyone interested in attending think twice before clicking. To lull their victims into a false sense of security criminals are buying inexpensive SSL certificates and registering URL that upon a quick glance look legit, such as russia2018, russiaworldcup.com.

  • Since everyone likes to win something, one of the biggest campaigns being run centers on fake ticket lottery win notifications. These lotteries, supposedly held by event sponsors like Coke, Visa and Microsoft, come via email and usually contain a PDF or other attachment congratulating the recipient on winning free tickets. The attachment can contain a banking trojan or simply be after user data.

  • Another spin on this is spam asking the recipient to enter into a contest to win a trip or free tickets. In this case, the malicious actors require a certain amount of contact info, like email addresses, which they use to update their databases in order to send out additional spam.

  • Those searching for tickets on sale have to be aware of where they make their purchase. Kaspersky has spotted several sites selling fake tickets, along with others that are selling legitimate tickets, but at scalper-level prices. Tickets should only be purchased at the official FIFA site.

  • Scammers are also creating fake FIFA and sponsor sites designed to extract personal and financial data. Fake Visa sites are particularly popular with threat actors as that company is a primary sponsor and by enticing people, to what appears to be an official Visa website they can try and steal payment card information.

  • These fake websites, in addition to their primary nefarious plan, can also host a wide variety of malware. One of the methods being used is offering a malicious Flash Player which can be used to view the games.