While identity theft and online fraud occur throughout the year, fraudsters are particularly prolific at special dates and events, and the World Cup provides fertile ground for the proliferation of scams.
A few examples:
- In the months leading to the World Cup, an online fraud scheme was uncovered in Brazil, where fraudsters took advantage of the craze around the soccer stickers to create a fake website where victims were giving up personal data with the promise of winning “an album and 400 stickers for free.”
- A recent news article highlighted how fake websites purporting to offer live online streaming of the soccer matches would direct users to a “free trial” prompt, where credit card information “for validation purposes only” was required. The credit card information was ultimately used for unauthorized payments. Similarly, false websites posing as official and licensed online betting platforms are also widely exploited to lure users to provide payment information. Fake ads for these services, often featuring football imagery and World Cup related themes, play a big part in attracting victims.
- Malware is often leveraged by cyber criminals to gain access to mobile devices and computers during large events and occasions like the World Cup. A recent article by a major antivirus provider highlighted that seemingly harmless files—such as a cheat sheet for World Cup stickers collectors—may be the entry point for viruses and other threats.
- The centuries-old advance-fee fraud could not be absent. A recent BBC article reported that fraudsters were directing messages to victims stating that they had won cash prizes or tickets to World Cup games. In these cases, victims were tricked into transferring funds in order to claim valuable prize winnings.
So, what can companies and individuals do to ensure that their data is safe from online threats, especially during the World Cup, and that their staff do not fall victim of scams targeted at soccer fans?
- Always be on alert for fraudulent websites, which can look very close to the “real deal.” Special attention should be paid to spelling mistakes, unusual URLs or expired security certificates.
- Credit card details and personal information should only be shared with trusted and reputable websites, on a needs basis. Never enter credit card details on websites that claim they need those details for validation purposes.
- Phishing attacks using convincing themes can be prevalent during special events or occasions. Links and email attachments are particularly risky, especially if the message is unsolicited and request personal data.
- Fraudsters may use information gathered from social media, such as location or even sporting team preferences, for targeted attacks. Details shared on platforms such as Instagram or Facebook may provide scammers with valuable leads to conduct online fraud. Be cautious about what you post online.
Fraudsters are always looking to take advantage of current events to gain access and exploit the most they can from victims. It’s critical not to get swept up in the excitement: By being vigilant and keeping safeguards top of mind, organizations and individuals can protect their assets from bad actors 365 days a year.