- FBI’s Internet Crime Complaint Center warned of at least 35 spoofed FIFA websites designed to steal personal and financial data from fans
- Fraudsters mimic legitimate domains with subtle spelling or TLD changes
- Officials advise typing FIFA’s URL directly, or avoiding sponsored search results
Hackers spoofing FIFA has gotten so bad that the FBI had to react and issue a public alert to warn people to be careful.
Earlier this week, the FBI’s Internet Crime Complaint (ICC) issued a new alert, warning about the rise in fake FIFA websites looking to steal people’s sensitive information and even money.
Cybercriminals and fraudsters have always tapped into current events in their attacks. The Olympic games, the Covid epidemic, the Russian invasion of Ukraine, and other global events, have been used as a theme in phishing attacks, and fake websites were popping up, distributing malware under the guise of “vaccine information”, or cheap tickets.
Project Glasswing is important
The World Cup is no different. Even eight years ago, TechRadar reported about tickets scams hitting fans worldwide, and back in 2022, fake World Cup streaming sites were targeting virtual fans.
This time around, the FBI says it identified at least 35 spoofed websites which, at first glance, look identical to the real thing with branding, product listing, and all other important details, being carefully placed.
“Threat actors often create spoofed websites by slightly altering characteristics of legitimate website domains, with the purpose of gathering personally identifiable information (PII) entered by a user into the site, including name, home address, phone number, email address, and banking information,” the FBI said.
“For example, spoofed website domains may feature alternate spellings of words or use an alternative top-level domain to impersonate a legitimate website. Members of the public could unknowingly visit spoofed websites while attempting to access FIFA’s website.”
The FBI recommends users going to the FIFA website by typing in the address directly. Those using the search engine should avoid sponsored results since “these can be paid imitators looking to deter traffic”, and should make sure they’re visiting a site on the .com domain. Bookmarking vetted websites is also a good idea.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
