- The FBI’s Internet Crime Complaint Center warned of at least 35 fake FIFA websites designed to steal personal and financial data from fans
- Scammers impersonate legitimate domains with subtle spelling or TLD changes
- Officials advise typing FIFA’s URL directly or avoiding sponsored search results
Hackers spoofing FIFA have gotten so bad that the FBI had to respond and issue a public alert to warn people to be careful.
Earlier this week, the FBI’s Internet Crime Complaint (ICC) issued a new alert warning of the rise of fake FIFA websites seeking to steal people’s sensitive information and even money.
Cybercriminals and fraudsters have always used current events in their attacks. The Olympic Games, the Covid epidemic, the Russian invasion of Ukraine and other global events have been used as a theme in phishing attacks, and fake websites appeared that distributed malware under the guise of “vaccine information” or cheap tickets.
Project Glasswing is important
The World Cup is no different. Even eight years ago, TechRadar reported on ticket scams affecting fans around the world, and back in 2022, fake World Cup streaming sites were targeting virtual fans.
This time, the FBI says it identified at least 35 fake websites that at first glance look identical to the real thing, with branding, product listings and all other important details carefully placed.
“Threat actors often create fake websites by slightly altering the characteristics of legitimate website domains with the goal of collecting personally identifiable information (PII) that a user enters into the website, including name, home address, phone number, email address and banking information,” the FBI said.
“For example, spoofed website domains may contain alternative spellings of words or use an alternative top-level domain to mimic a legitimate site. Members of the public may unknowingly visit spoofed websites while trying to access FIFA’s website.”
The FBI recommends users go to FIFA’s website by entering the address directly. Those using the search engine should avoid sponsored results, as “these may be paid impersonators looking to discourage traffic,” and should make sure they are visiting a site on the .com domain. Bookmarking approved websites is also a good idea.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
