Reports have indicated that an influx of phishing emails related to the World Cup have centered around sports betting in attempts to lure victims into handing over banking details.
With an estimated 5 billion people tuning in to the World Cup from across the globe, the event has taken center stage this autumn/winter.
As the nations progress through the tournament in a bid to make the final, fans will only become more invested in the success of their national squad, with many placing bets or even travelling to Qatar to show support in person.
But, as the competition hots up, it’s important that fans remain vigilant against the increased cybersecurity risks posed by threat actors, who are taking advantage by launching numerous phishing campaigns.
Phishing is a type of cyberattack where malicious actors send messages pretending to be from a trusted person or company. Phishing emails are designed to manipulate a user into performing an action, such as downloading a malicious file, clicking a suspicious link, or divulging sensitive information.
The basic delivery of a phishing attack is through SMS, email, social media, or other electronic communication means.
Attackers often set up fake websites that resemble a trusted entity like the target’s bank, workplace, or university. Through these sites, attackers attempt to collect private information such as usernames and passwords, or payment information.
During the World Cup, many of the recent phishing campaigns are related to the sale of last-minute tickets or announcing the win of a sporting bet. These messages or websites usually include malicious links that, once clicked, deploy malware and infect the device or ask for login details that hackers can then steal.
With World Cup betting scams on the rise, we have put together some guidance on what to look out for:
Cybercriminals will up the ante when they are presented with an opportunity to make a quick cash grab or steal credentials that they can sell on the Dark Web, and a global event like the World Cup is prime time for them.
This World Cup has already raised cybersecurity concerns, with many security experts warning the public over data privacy concerns with the official app. This, alongside the influx of phishing scams, means it is important that necessary steps are taken to keep yourself protected.
If you own a business and employ staff with access to an email system, or supply employees with tech such as tablets and phones, you may wish to consider Security Awareness Training.
Delivered by our cadre of students - who have become experts on the subject of cyber security - the EMCRC will help train your staff so they can spot the tell-tale signs of phishing, vishing, smishing et al, and how to protect themselves from threats online.
Your staff can become a barrier to cyber-attacks and malicious activity. For more information, contact us about Security Awareness Training and read about the national Cyber Path programme and how it can deliver the training alongside the EMCRC.
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).
Click to Open Code Editor