Football fans are being urged to take extra care online during the 2022 World Cup as cybersecurity experts report a sharp rise in the number of fake streaming websites and other associated scams.
Cybersecurity firm Zscaler said scammers were leveraging the rush and excitement around the sporting event to steal user data and/or infect users with malware.
Zscaler researchers said they had observed a marked increase in newly registered domains related to the FIFA World Cup, similar to the rise in sites and cyber attacks observed during the 2020 Tokyo Olympics.
Also read: NAB warning for 8.5 million customers
Here are some of the scams you and your family should watch out for:
1. Fake streaming sites
Fake streaming sites claim to offer free streaming of FIFA World Cup matches but, instead, send users down a redirection rabbit hole before prompting them to enter payment card details.
These websites will usually come with an assurance that your card is just for verification, or use the marketing tactic of a free trial, duping otherwise-wary customers into handing over their payment info.
In Australia, all FIFA 2022 World Cup matches are broadcast 100 per cent free on SBS, SBS Viceland or SBS On Demand, so leave the scam sites alone and tune into the Australian broadcaster for virus-free viewing.
2. Fake ticketing sites
As the FIFA World Cup kicked off, researchers observed a rapid rise in threats and scam sites related to the event itself. Many newly registered sites offering World Cup tickets are being hosted by scammers trying to trick users into paying good money for fake tickets.
Legitimate FIFA 2022 World Cup tickets are available direct from the FIFA website.
With flight prices to Qatar being sky-high right now, you should also watch out for websites offering cheap flights to Doha. If you're planning your World Cup journey late, get ready to pay $5,000 or more each way from Sydney, and only book direct with Qatar Air or via a reputable travel agent.
3. Infected downloads
Zscaler's ThreatLabz has also noticed genuine football fan blogs that rank on Google being compromised by attackers, who then encourage users to download infected files, generally disguised as a PDF.
The best way to avoid getting stung like this is sticking to official news sources and websites like Flashscore or Yahoo Sports, which will tell you everything you need to know and never ask you to download anything.
Only ever download PDF files from reputable sources. Other possible vectors include websites offering pirated or 'cracked' copies of games such as FIFA 2023 - video game piracy is illegal and it's also a great way to get yourself hacked.
Stay safe online cheat list:
Book FIFA World Cup airline tickets only from authorised vendors and verified sites
For online streaming, only use the FIFA World Cup's streaming partner's website (SBS ON Demand)
Beware of fraudulent emails related to lottery or giveaway scams
Avoid downloading 'cracked' software and games
Don't fall for exciting "too good to be true" offers and avoid suspicious links or documents
Always make sure you are utilising HTTPS/secure connections
Use two-factor authentication wherever possible, especially on sensitive accounts like banking
Always ensure your operating system and web browser are up to date
Back up your files regularly so you have ransomware redundancy