With only a few days left for the 2018 FIFA World Cup to kick off in Russia, tickets to the world’s biggest football event are almost sold out. By the time the second phase of ticket sale ended on 31 January 2018, as per the official FIFA website, a total of 1,303,616 tickets had already been allocated. The last phase that started in April 2018 will remain open till 15 July, though tickets for the important fixtures are all mostly sold out. However, with fans still scrambling for FIFA World Cup tickets, there are reports that many of them are falling prey to phishing emails from fraudsters offering “last-minute tickets” at much higher prices.
Fraudsters are luring people with the much sought after “guest tickets” to the 2018 FIFA World Cup. According to Russia-based Kaspersky Lab, some tickets are on offer at 10 times their original price. And it says the tickets are likely to be unusable because there is a strict registration and transfer procedure in place.
Highlighting a grave threat of a twofold monetisation scam, Kaspersky says these fraudsters are taking the money from those walking into their trap and also collecting the users’ private data, including payment information, to steal more subsequently.
Major events always attract fraudsters’ attention, due to the excitement around them. The phishing mails sent to the recipients usually appear legitimate, making it easier to trap unsuspecting enthusiasts. A similar phenomenon is happening with the upcoming World Cup.
Online tickets can only be purchased on the official FIFA website. And buying tickets for the major event is not very easy as FIFA has put in place a multilayered and sophisticated procedure for security reasons. There are a number of obstacles that complicate the process. There three stages and one person can buy only one ticket.
However, in case of guest tickets, one can buy up to four tickets. These tickets are registered on specific names and can be transferred if the holder applies for it.
Fraudsters offering guest tickets despite this complicated process is a matter for concern.
When the window to purchase FIFA World Cup tickets opened for the first time in September 2017, the official website experienced a massive surge, leading to connection problems. According to a Kaspersky Lab, fraudsters bought up as many tickets as they could during the process with the aim of selling them on to a desperate fan base. With tickets now sold out, many people are left with no option but to go to touts in their last-ditch efforts to make it to the game, or games, of choice.
These fraudsters have apparently set up hundreds of domains with wording related to the World Cup to sell guest tickets. “Many have increased the price to more than double face value, with some tickets available at up to 10 times the original cost,” Kaspersky Lab quotes its experts. And since buyers are required to make full advance payment, there is no guarantee that they will get the tickets. There is also no guarantee that the guest tickets reserved for other people will be accepted at a stadium, or the tickets forwarded to the buyers will be genuine at all. “What is guaranteed, however, is that the payment information used to buy the tickets will give scammers all they need to collect additional funds from the user in the future,” the lab says in a statement.
“According to our research, there is a real risk that users will pay a lot of money and get nothing in return. This type of cyber fraud can also lead to further money stealing. We urge sport fans to be extra vigilant and savvy when buying tickets. No matter how attractive the offer is, the only way to ensure you won’t get duped is to use authorized sellers,” warns Andrey Kostin, senior web-content analyst at Kaspersky Lab.
Kaspersky Lab suggests some steps football fans can follow to keep their money safe, during the World Cup and always
* Stay vigilant. Buy tickets only from official sources, and always double-check the site address and the links you want to follow
* Do not click on links in emails, texts, instant messaging or social media posts if they come from people or organisations you don’t know, or have suspicious or unusual addresses
* Have a separate bank card and account with a limited amount of money, specifically for online purchases. This will help to avoid serious financial losses if your bank details are stolen
* De-risk the data. It is better to install a reliable security solution with up-to-date databases of malicious and phishing sites