The 2018 FIFA World Cup has drawn a worldwide audience. It's also attracted phishing scams using event tickets as bait.
Tickets for the matches can only be purchased legitimately through the FIFA website using a multilayered process. This is done for both business and security reasons. Individuals are permitted to buy one ticket only, and then, once that purchase is complete, they're permitted to buy three additional guest tickets registered for specific individuals.
When tickets went on sale, the FIFA website predictably experienced a massive surge. Many fraudsters purchased legitimate tickets to use as bait for unsuspecting fans. Fraudsters set up a large number of domains relating to the World Cup to sell their guest tickets.
Many sites offered tickets well above face value. Kaspersky Lab experts noted some ticket prices as high as 10 times the original cost. The sites required full payment up front for the tickets, which were frequently replaced with phony, unusable duplicates or were simply never delivered at all.
In any case, the fraudsters had the customers' cash and, worse yet, their payment information in hand. Payment information could be used subsequently in other fraud.
Kaspersky Lab spokesman Andrey Kostin noted this type of cyber fraud can lead to further theft. It's not innocent ticket scalping. Kostin urged soccer fans to be extra vigilant when buying tickets, and to work only with authorized sellers.
This isn't semi-innocent ticket scalping. And in any case, would you hand your credit or debit card over to a scalper standing in a stadium parking lot? We wouldn't either, but that's effectively what you'd be doing if you buy from World Cup scalpers.
As always, scams follow major events. Here are some protective steps to bear in mind not only for the World Cup, but for everything from a minor league hockey game to the America's Cup yacht races:
- Only purchase tickets from official sources. Check the site address.
- Don't click on links in event-themed emails, texts, or instant messages.
- Consider using a separate bank card and account with a limited balance specifically for online purchases.
- De-risk your data by installing a reliable security solution with up-to-date information on phishing sites.
And, of course, some training against social engineering never hurts. The Mercury has the story: