Zscaler has warned football fans not to look at the video. World Cup online via streaming websites
The company’s most recent Zscaler theatLabz (opens new tab) research found there has been a recent spike in cyber attacks targeting football fans using fake streaming sites and lottery scams, which is “leveraging the rush and excitement around these uncommon events to infect users with malware.”
According to the study, there has been a significant increase in domain registrations related to the World Cup is to be expected as more businesses expand their football-related offerings online.
Following analysis to “weed out hidden offenders”, Zscaler has presented a number of alarming case studies.
The most concerning aspect is the hijacking of legitimate portals and websites – such as Reddit and OpenSea – to post fake streaming link.
One example is where victims are lured to visit a malicious website claiming to provide live streaming of FIFA World Cup 2022 Opening Ceremony
This redirects to a fake streaming website hosted by Blogspot. Users are asked to create an account to get free access to live streaming events. They also have to give out personal data or payment information to the scammers.
Attackers are also targeting users with malicious cracked version of games related to FIFA or football as a whole, including scam sites trying to collect fake ticket fees or steal payment card details.
ThreatLabz also discovered a scam in which users were offered prizes and tickets to Qatar Airways. Another campaign sent fake lottery emails, pretending to be from Qatar FIFA. World Cup 2022 lottery committee.
The firm recommends that users be wary of any promises of airline tickets, match tickets, or themed lottery draws.
Fortunately, the warning doesn’t come without solutions. Zscaler suggests that you only use authorized vendors and sites that are verified. It also recommends that you avoid downloading software or games from untrusted websites.
Additional safety measures, such as using HTTPS/secure connections and two-factor authentication (2FA), or setting up a firewall, are recommended.