Cybercrime in Sports: Scoring Against Sports-themed Scams

It’s the big night. The biggest tournament for your favorite sport has finally arrived, and you’re all fired up to join the roaring crowd and root for your favorite team. The frenzied advertising hype for the event worked. You were convinced to attend the event and you splurged on two seats from a promo you found online for you and your best buddy, only to discover that the promo is a sham, and… you’ve been duped.

Most major sporting events have become a frequent target for cybercrime, including terrorism. While the former may not be necessarily life-threatening, it could still lead to threats that include identity theft, financial loss, and reputation damage. With a massive assembly of fans, spectators, organizations, and even government agencies invested in national and international events, they become the perfect opportunity for cybercriminals to take advantage of the fans' excitement and reliance on technology via social engineering techniques and other online threats. 

[READ: How social engineering works]

A Historical Breakdown of Sports-related Cybercrime

One of the first electronic attacks can be traced all the way back to 1980. Since then, the advancement of technology—and threats that take advantage of these trends—have evolved, making online threats for any user easier to come by. To give you an idea, here’s a rundown of notable online scams connected to sporting events:

2008 Beijing Olympics – hundreds of victims lost large amounts of money to a fake Beijing Olympics website. The site posed as a ticket seller but it was actually a phishing site that stole credit card information and other personal information.

2010 FIFA World Cup – spam in sporting events are one of the most common techniques used by attackers. During the 2010 FIFA World Cup, an email referring to a fake contest “Final Draw” circulated, along with a US$550,000 prize. The victim was lured into giving out personal information for a fund transfer transaction. The scam is reminiscent of the 419/Nigerian scam wherein users are persuaded to send cash by promising them a large amount of money in return for cooperating with them.

London 2012 Olympic Games – similar to the spam attacks used in the 2010 FIFA World Cup, a spam campaign tricked users via email that they won a contest called “2012 London Olympics Lottery”. However, before they could claim their “prize”, the recipients were prompted to call a number, reply to the malicious email, and give out personal details. Another scam offered users tickets to the said event, allowing cybercriminals to steal their online banking information.

World Cup 2014 Brazil – from adware, phishing attacks to banking Trojans, cybercriminals didn’t waste time capitalizing on one of the most highly anticipated football tournaments, the World Cup 2014 in Brazil. Fans, including ordinary users, were tricked into divulging sensitive details like financial and personal information via phishing websites, search engines, spammed emails, and even fake apps.

Highly-publicized international events will continuously be used by cybercriminals as bait to lure users into their online traps. Attackers know that users tend to take security measures for granted, especially during the rush to attend major sporting events are concerned. This is why it’s important to understand the various types of web attacks they use in order to stay vigilant and protective of your online behavior. Here are a few simple tips on how to score a victory on your next scam encounter:

  • Set the tone of the game – stick to official websites when buying event-themed merchandise. Bookmark official licensed retail websites to avoid typing in the wrong address. This goes the same for when you book tickets or join other related promotional activities.
  • DE-FENSE! – don’t fall for sweet, outrageous deals because they’re all most likely bitter grifts waiting to steal your personal and banking information. Remember, when something seems too good to be true, it's a red flag. Additionally, always verify if they're legit, regardless if they're from emails, websites, links, and especially posts found on social media. If you fall for a threat, your friends and followers may follow suit.
  • Dodge the bullet- bank on a comprehensive security solution that can defend against web attacks. Don’t forget to protect your mobile devices as well. The convenience you get from using your mobile device can provide the same level of ease for cybercriminals to get to you if you aren’t protected.
[Take the Quiz: How good are you at protecting your net?

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.