As football fans gear up for the 2018 FIFA World Cup, which is being held in Russia, fraudsters are trying to score on scams while host cities are struggling to secure reliable Wi-Fi access points. According to Kaspersky Lab, more than 20% of Wi-Fi hotspots in FIFA World Cup host cities have cybersecurity issues, which could result in a winning goal for cybercriminals.
Out of the approximately 32,000 public Wi-Fi networks in these host cities, 7,176 do not use traffic encryption. According to the research, Saransk, ranked the safest city in terms of its public Wi-Fi, reportedly has 72% of all access points secured with WPA/WPA2 protocol encryption. "The top-three cities with the highest proportion of unsecured connections are Saint Petersburg (48% of Wi-Fi access points are unsecured), Kaliningrad (47%) and Rostov (44%)."
Still, networks secured with WPA2 are not impenetrable, particularly when it comes to brute-force attacks. Attackers can also attempt to intercept traffic from WPA Wi-Fi in public access points at the beginning of the session by penetrating the gap between the device and the access point.
Kaspersky Lab recommended that users avoid becoming a cybercriminal target by enabling the “Always use a secure connection” (HTTPS) option in their device settings. "Enabling this option is recommended when visiting any websites you think may lack the necessary protection."
Additionally, on 28 May Kaspersky Lab identified phishing emails offering users the chance to purchase "guest" tickets to the FIFA World Cup – but at 10 times more than the original price. While the tickets are unusable, fraudsters are taking the money and collecting users’ private data, including payment information, to steal more funds in a twofold monetization scam.
Criminals leverage these much-anticipated global events, making it a challenge for consumers and security defenders to keep pace with attackers. Events like the World Cup present incredible opportunities for cybercriminals to secure financial rewards. "Email infection, fake betting websites and traditional phishing attacks are all expected to have their day in the sun this summer," said Steve Durbin, managing director of the Information Security Forum, a London-based authority on cyber and information security and risk management.
While there may be legitimate reasons a person might send an unsolicited email, Ajay Menendez, executive director, HUNT analyst program at SecureSet, said, "Malicious actors try to get in contact with you, to infect and compromise your computer for criminal profit. In this age of 'fake news' and cybercrime, it is important for individuals to be cautious, not only for yourselves personally but the organizations we work for and are associated with."