Home / / World Cup football fans defrauded in online ticket scams: Kaspersky

World Cup football fans defrauded in online ticket scams: Kaspersky

Fraudsters also collect users’ private data, including payment information, to steal more funds in the future

World Cup football fans defrauded in online ticket scams: Kaspersky
Fraudsters have set up hundreds of domains with wording related to the World Cup, to sell their guest tickets.

Kaspersky Lab experts have identified phishing emails from fraudsters offering users the chance to snap up much sought after ‘guest’ tickets to the 2018 FIFA World Cup – but at a higher price than fans bargained for.

Some tickets are on offer at ten times their original price, and while the tickets are likely to be unusable - due to a strict registration and transfer procedure - fraudsters are taking the money and collecting users’ private data, including payment information, to steal more funds in a twofold monetisation scam.

Major events always attract fraudsters’ attention, with the noise and excitement around them making it easier for attackers to prey on their potential victims’ lack of vigilance. Recipients are drawn to the seemingly legitimate emails, which focus on global sporting championships watched by big audiences across the world. The upcoming World Cup is no exception.

This event is particularly interesting because there are a number of obstacles complicating the process of buying tickets. For instance, tickets can only be purchased on the official FIFA website and the procedure is multilayered and sophisticated for security reasons. Ordering a ticket takes place in three stages and only one ticket per person is allowed. The exception to this is guest tickets, which allows the purchaser to buy up to three additional tickets. However, these are registered to specific names and can only be changed if the holder applies to transfer the intended recipient to another. Despite this complicated process, fraudsters have used this to their advantage.

When the window to purchase tickets opened, the official website experienced a massive surge in users attempting to order their tickets, which led to connection problems. During the process, fraudsters bought up as many tickets as they could with the aim of selling them on to a desperate fan base. With tickets now sold out, many people have been left with no alternative but to go to touts or third parties in order to be at a game.

Fraudsters have set up hundreds of domains with wording related to the World Cup, to sell their guest tickets. Many have increased the price to more than double face value, with some tickets available at up to 10 times the original cost, according to Kaspersky Lab experts. With full advance payment required, there is no guarantee that fraudsters will forward the tickets, that guest tickets reserved for other people will work at a stadium, or that they will be genuine. What is guaranteed, however is that the payment information used to buy the tickets will give scammers all they need to collect additional funds from the user in the future.

Kaspersky Lab’s anti-phishing system detects and blocks fraudulent emails and websites to thwart such scams, the company says.

A number of simple steps football fans can follow to keep themselves and their money safe, both during the World Cup and beyond, include,

Only buy tickets from the official sources and always double check the site address and the links you want to follow

- Do not click on links in emails, texts, instant messaging or social media posts if they come from people or organisations you don’t know, or have suspicious or unusual addresses

Have a separate bank card and account with a limited amount of money, specifically for online purchases. This will help to avoid serious financial losses if your bank details are stolen

De-risk the data. i.e. It is better to install a reliable security solution with up-to-date databases of malicious and phishing sites.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.