Be on the ball and avoid falling foul of cybercriminals at World Cup

Be on the ball and avoid falling foul of cybercriminals at World Cup

Jan van Vliet, VP and GM EMEA at Digital Guardian, discusses cyber-risks associated with the World Cup

As the drama of the World Cup intensifies, football fans around the globe will be readying themselves for the final stages of the tournament. And as cybercriminals also prepare for the spectacle,  Jan van Vliet, VP and GM EMEA at Digital Guardian, offers some advice about how to stay ahead of cyberthreats.

After months of anticipation the World Cup is well and truly upon us. This global event attracts fans from all over the world and is one of the most-watched live events on television. And as we lose ourselves in the thrills and spills of the beautiful game, keeping cybersafe is probably the last thing on our minds. But with our attention elsewhere, our guard is down and we leave ourselves open to becoming the cybercriminal’s next target. Below are the top four cyber-risks tournament attendees may face together with advice on how to avoid being a victim of foul play.

Fake tickets

Official tickets for the event sold out months ago. But that hasn’t stopped cybercriminals delivering false hope of a seat at the tournament by selling counterfeit tickets. Posing as official world cup ticket vendors scammers create fraudulent websites that masquerade as official third-party ticket providers. Action Fraud recently issued a warning to fans reinforcing FIFA’s statement that ‘any tickets obtained from any other source, such as ticket brokers, internet auctions or unofficial ticket exchange platforms, will be automatically rendered void and invalid’. If there was ever a case for caveat emptor, this is it.

Email attacks

Phishing is one of the most widely used cyberattack methods and it’s unlikely the World Cup will be exempt.  Scammers are using the promise of those all elusive tickets to craft phishing emails. The email will contain a link where supposedly the recipient can purchase the ticket.  But when clicked, the link releases malware onto the recipient’s computer – or even the company network if the user has opened the link whilst at work.

And to add insult to injury, when users pay for their ticket via the link, hackers can catch their credit card details, causing yet more World Cup heartache.

Alternatively, the victim might pay for the promised ticket and never receive it – and they won’t be able to get their money back. Fraudulent emails and social media posts can also offer links to video clips, downloadable apps, games and other content that can distribute malware to those watching from home. Email scammers may also invite fans to gamble on the World Cup, with criminals themselves betting that those trying to place illegal wagers will be less likely to call police if something goes wrong.

To safeguard against these attacks, users should be cautious of clicking embedded URLs or opening attachments in email. They should also ensure the latest security updates are installed for their operating system, programmes, applications and AV software to prevent common vulnerabilities from being exploited.

Rogue Wi-Fi access points

Fans will inevitably want to share their experience on social media meaning they’ll be searching for Wi-Fi hotspots to let them get online. Criminals can take advantage of this need, by setting up rogue Wi-Fi access points that surreptitiously log activity and data, including un-encrypted usernames and passwords, or even inject malware into web traffic.

While FIFA officials might be able to detect and shut down any rogue access points that pop up at event sites themselves, it is challenging for them to do so everywhere tourists gather. Those who do use open wireless access points can help keep themselves safe by using virtual private networks, which will encrypt traffic even before it passes over the air to reach the access point.

DDoS

It’s also possible that activist hackers or other cybercriminals will try to tamper with the infrastructure surrounding the matches themselves via a denial of service attack. That is, someone may attempt to disrupt the networks officials use to communicate scores and other data in an effort to disrupt the event. One possible attack would be to jam official wireless networks, or to inject data packets that force the networks to repeatedly disconnect, making it hard for data to get through. Ideally, organisers will be able to log those types of attacks and use signal detection hardware to find where the rogue broadcasts are coming from – but the risk is still there.

Ultimately, the World Cup is an event that should be enjoyed, but it is important that people do not let their guard down when it comes to cybersecurity best practices. By being wary of suspicious emails, unsecured Wi-Fi hot spots and potential scams, fans can enjoy the World Cup and give cybercrime the red card.

 

Browse our latest issue

Intelligent CISO

View Magazine Archive