Fake World Cup streaming sites are targeting virtual fans
Zscaler has issued a warning to football fans who want to watch the World Cup online via streaming sites.
The latest Zscaler ThreatLabz research has found a recent spike in cyberattacks targeting football fans using fake streaming sites and lottery scams, which “use the excitement and excitement surrounding these unusual events to infect users with malware.”
The study found a recent surge in domain registrations related to the World Cup, which is to be expected as more companies expand their football-related offerings online.
Numerous threats
After analysis to “wipe out hidden offenders,” Zscaler has presented a number of alarming case studies.
Most concerning is the use of legitimate websites and portals – including Xiaomi, Reddit, OpenSea and LinkedIn – which are being hijacked to post fake streaming links.
This included an example where victims were tricked into visiting a malicious site claiming to offer live streaming of the 2022 FIFA World Cup opening ceremony.
However, this redirects to a fake streaming site hosted on Blogspot, where users are asked to create an account for free access to watch the live streaming event, giving away personal information or payment details to the scammers.
Attackers also target users with malicious cracked versions of games related to FIFA or football as a whole, and with scam sites that attempt to collect money for counterfeit tickets or steal payment card details.
ThreatLabz has also uncovered a scam offering users prize money and airline tickets from Qatar Airways, and another campaign sending fake lottery emails posing as a Qatar FIFA World Cup 2022 lottery commission.
As a whole, the company suggests users be wary of promises of match tickets, plane tickets, and themed lottery draws.
Fortunately, the warning does not come without solutions. In addition to using authorized vendors and verified sites, Zscaler recommends avoiding downloading software or games from untrusted sites and being aware of fraudulent emails, which can be checked in a number of ways, including verifying the sender domain.
Further security procedures such as using HTTPS/secure connections, two-factor authentication (2FA) and even setting up a firewall are also advised.