Three best ways to stay cyber secure during the World Cup

With an estimated 5 billion people watching the World Cup from around the world, the event will undoubtedly take center stage in the coming weeks. As the teams advance through the tournament in hopes of reaching the final, fans will become even more invested in their national team’s success, with many placing bets or even traveling to Qatar to show their support in person. However, as the competition heats up, fans must remain vigilant against the increased cybersecurity risks posed by threat actors, who are exploiting the situation by launching numerous phishing campaigns.

What is Phishing?

Phishing is a type of cyberattack in which malicious actors send messages posing as from a trusted individual or company. Phishing messages are intended to trick users into performing a specific action, such as downloading a malicious file, clicking a suspicious link, or disclosing sensitive information. A phishing attack is typically delivered via SMS, email, social media, or other forms of electronic communication.

The emails that the target receives during a phishing campaign will appear to come from a known contact or organization. Attackers frequently create fake websites that look like a trusted entity, such as the target’s bank, workplace, or university. Attackers attempt to collect private information such as usernames and passwords, as well as payment information, via these sites.

Many of the recent campaigns in this case are related to the sale of last-minute tickets or the announcement of the winner of a sporting bet. These messages or websites typically contain malicious links that, when clicked, either deploy malware and infect the device or request login information that hackers can then steal.

World Cup scams on the rise

Avanan, a Check Point company, has already reported an increase in World Cup-related phishing emails in a variety of languages. Many of the reported scams have been centered on sports betting, with the goal of luring victims into providing banking information. The images below show a few recent examples of hackers impersonating legitimate betting sites.

In light of this recent wave of phishing scams, Check Point Software has provided three practical tips that allow fans to focus on the game:

1. Be aware of imitation: Many scam websites will use a domain name similar to the brand they are trying to replicate, but with additional letters or misspellings. To ensure that you are not handing over your banking information to scammers, pay attention to the URLs to check if there is anything unusual or suspicious. By taking a minute to look for tell-tale signs that a website may be fraudulent, you can quickly determine its legitimacy.  

2. Never share your credentials: Credential theft is a common goal of phishing emails. Many people reuse the same usernames and passwords across different accounts, so stealing the credentials for a single account is likely to give an attacker access to others. Not all attacks are direct either. Some phishing emails carry malware, such as keyloggers or trojans, that are designed to monitor when you type passwords into your computer. Never tell anyone your password, and, if an email sends you to a login page, visit the site directly and sign in from there to protect against lookalike phishing sites.

3. Secure your mobile device: With most of us now accessing our emails from our phones and with hackers now also sending malicious text messages, it’s important that our mobile devices are protected from the newest threats as well. Once granted access, a cybercriminal can steal an incalculable amount of information and a breach can even put the victim’s known contacts at risk. As a result, it is essential to make use of preventative mobile threat defense solutions that protect devices against advanced mobile threats.

Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East said: “The World Cup is a time when international communities come together and we shouldn’t be discouraged from participating. However, you cannot ignore that cybercriminals will up the ante when they are presented with an opportunity to make a quick cash grab or steal credentials that they can sell on the Dark Web. This World Cup has already raised cybersecurity concerns, with many security experts warning the public over data privacy concerns with the official app. This, alongside the influx of phishing scams, means it is important that we take the necessary steps to keep ourselves protected.

“These recent campaigns act as a reminder to scrutinize any emails you receive and take a moment before clicking on a link or handing over your data. By focusing on preventative measures, we can still enjoy events such as the World Cup without the threat of a worrying cyberattack.”

To mark the occasion, Check Point has created a World Cup themed live cyber threat map. This details the volume of attacks, the top targeted countries and industries, and the most used malware types in the last day.