Zscaler has issued a warning to soccer fans looking to watch the World Cup online via streaming sites.
The latest version of the company Zscaler TheatLabz (Opens in a new tab) Research has found that there has been a recent rise in cyberattacks targeting football fans using fake streaming websites and lottery scams, which “take advantage of the rush and excitement around these uncommon events to infect users.” malware. “
The study found a recent increase in domain registrations related to the World Cup, due to which more companies are expected to ramp up their online football-related offerings.
Numerous threats
After analyzing “weeding out hidden criminals”, Zscaler presented a number of case studies of concern.
Of greatest concern is the use of legitimate websites and portals – including Xiaomi, Reddit, OpenSea and LinkedIn – that are being hacked to post fake broadcast links.
This included one example where victims are lured into visiting a malicious website purporting to offer a live stream of the 2022 FIFA World Cup opening ceremony.
However, this redirects to a fake broadcast site hosted on Blogspot, where users are required to create an account for free access to watch the live broadcast event, or to give personal information or payment data to scammers.
Attackers also target users with a malicious cracked version of games related to FIFA or soccer as a whole, including scam sites that attempt to collect fake ticket fees or steal payment card details.
ThreatLabz also discovered a scam where Qatar Airways offered users prize money and airline tickets, and another campaign that sent fake sweepstakes emails and pretended to be a lottery committee for the 2022 FIFA World Cup Qatar.
In general, the company notes that users are wary of promises of match tickets, airline tickets and lottery draws.
Fortunately, the warning does not come without solutions. In addition to using verified resellers and verified sites, Zscaler recommends that you avoid downloading any software or games from untrusted sites and be aware of phishing emails, which can be checked in several ways including checking the sender’s domain.
More security measures, such as using HTTPS / secure connections, two-factor authentication (2FA), and even setting up Firewall Also recommended.