Zscaler has issued a warning to soccer fans who want to watch the World Cup online via streaming services.
The company’s latest product Zscaler TheaterLabz (opens in a new tab) Research has shown that there has been a recent spike in cyberattacks targeting soccer fans using fake streaming sites and lottery scams that “take advantage of the rush and excitement of these extraordinary events to infect users with malware.”
The study showed a recent surge in World Cup-related domain registrations, which is to be expected as more companies increase their football-related online offerings.
Numerous threats
Following an analysis to “eliminate hidden criminals”, Zscaler presented a number of alarming case studies.
Of greatest concern is the use of legitimate sites and portals – including Xiaomi, Reddit, OpenSea and LinkedIn – being hijacked to post fake streaming links.
Among them is one example where victims are tricked into visiting a malicious website that allegedly offers a live stream of the opening ceremony of the 2022 FIFA World Cup.
However, this redirects to a fake streaming site hosted on Blogspot where users are asked to create an account for free access to watch the live stream by providing personal or payment details to the scammers.
The attackers also target users with malicious cracked versions of games related to FIFA or football as a whole, including scam sites trying to charge fake tickets or steal payment card details.
ThreatLabz also uncovered a scam involving the offering of cash prizes and airline tickets to users by Qatar Airways, as well as another campaign involving the sending of fake lottery emails and impersonating the Qatar FIFA World Cup 2022 lottery committee.
Overall, the company suggests users are wary of promises of match tickets, airline tickets, and themed lottery draws.
Fortunately, the warning does not come without solutions. In addition to using authorized providers and verified sites, Zscaler advises you to avoid downloading any software or games from untrusted sites and to pay attention to fraudulent emails, which can be checked in a number of ways, including verifying the sender’s domain.
Further security procedures are also recommended, such as using HTTPS/secure connections, two-factor authentication (2FA), and even setting up a firewall.