Fake broadcast sites with World Cup matches, targeting malicious actions – hacking

Latest company research Zscaler TheatLabz It found that there has been an increase in cyberattacks targeting football fans using fake streaming sites and lottery scams, which “take advantage of the rush and excitement surrounding these events to infect users with malware”.

The study found a recent increase in World Cup-related domain registrations, which is to be expected as more and more companies ramp up their soccer-related offerings online.

After analysis, Zscaler presented a series of disturbing results. Of greater concern was the use of legitimate websites and portals — including Xiaomi, Reddit, OpenSea, and LinkedIn — through which fake streaming sites were posted. This included a case where victims were lured into visiting a malicious website that claimed to be offering a live stream of the 2022 FIFA World Cup Opening Ceremony. However, this was redirected to a fake broadcast site hosted on Blogspot where users were required to create an account for free access to the live stream. By giving personal information or payment information to scammers.

Impressively, attackers also target users with cracked versions of games related to FIFA or soccer as a whole, including malicious websites that attempt to collect fake ticket fees or steal payment card details.

ThreatLabz has also identified a scam where users were offered cash prizes and airline tickets from Qatar Airways, as well as another campaign that sent fake lottery emails and pretended to be the Qatar 2022 World Cup lottery committee. In general, the company advises users to beware of promises of game tickets and tickets Aviation and lottery draws.

Fortunately, the warning doesn’t come without suggested solutions. In addition to using verified vendors and official websites, Zscaler recommends that you avoid downloading software or games from untrusted sites. In addition, users should be aware of malicious emails, which can be checked in several ways, including checking which email the sender is using. Additional security measures are also recommended, such as using HTTPS/secure connections, two-factor authentication (2FA), and even setting up a firewall.