- The FBI’s Internet Crime Reporting Center warned of at least 35 fake FIFA websites designed to steal fans’ personal and financial data.
- Scammers imitate legitimate domains with subtle spelling or TLD changes
- Officials recommend typing the FIFA URL directly or avoiding sponsored search results.
Hackers spoofing FIFA have become so bad that the FBI had to react and issue a public alert warning people to be careful.
Earlier this week, the FBI’s Internet Crime Complaint (ICC) issued a new alert, warning of the rise of fake FIFA websites seeking to steal people’s confidential information and even money.
Cybercriminals and scammers have always taken advantage of current events in their attacks. The Olympics, the Covid epidemic, the Russian invasion of Ukraine and other global events have been used as themes in phishing attacks, and fake websites were appearing that distributed malware under the guise of “vaccine information” or cheap tickets.
The Glasswing project is important
The World Cup is no different. Even eight years ago, TechRadar reported on ticket scams affecting fans around the world, and back in 2022, fake World Cup streaming sites were targeting virtual fans.
This time, the FBI says it has identified at least 35 fake websites that, at first glance, look identical to the real thing, with branding, product listings, and all other important details carefully placed.
“Threat actors often create spoofed websites by slightly altering the domain characteristics of legitimate websites, in order to collect personally identifiable information (PII) entered by a user on the site, including name, home address, telephone number, email address, and banking information,” the FBI said.
“For example, counterfeit website domains may feature alternative spellings of words or use an alternative top-level domain to impersonate a legitimate website. Members of the public could unknowingly visit counterfeit websites while attempting to access the FIFA website.”
The FBI recommends users access the FIFA website by typing the address directly. Those who use the search engine should avoid sponsored results, as “these may be paid imitators seeking to deter traffic” and should make sure they visit a site with the .com domain. It’s also a good idea to bookmark vetted websites.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
