With the start of the Ticket sale of the Qatar 2022 World Cup, football lovers are anxious as are cybercriminals, but they are looking to deceive anyone interested in having the complete world cup album.
The cybersecurity company Kaspersky has reported a scam spread by WhatsApp that seeks to generate income by using the data of innocent people to register them on sports betting sites and dubious promotions with the excuse of winning an album for free.
“Access and win the album with more than 400 photos’” is the initial message that promises immediate delivery and a link for the person to access, supposedly, the website of the publisher that produces the albums.
This fake website prompts users to complete a survey about the album and the company that distributes it, as well as displaying alerts about the limited number of products available to pressure the user to complete the required tasks. In the end, the person is forced by the system to share the scam link with their contacts in order to continue with the process.
Once the message is spread and other people are involved in the deception, the victim is redirected again to various websites that request registration in promotions or online betting sites with affiliate schemes.
The goal of cybercriminals
As explained by Fabio Assolini, director of the Research and Analysis Team for Latin America at Kaspersky, “these schemes are designed to trick the victim into registering on different sites. In this case of the football sticker album, the campaign is false because its real goal is to get the person to sign up for malicious sites or gambling sites.
The manager also added that “the betting also have an affiliate scheme, making the creators of the campaign earn a commission for each registration made through the shared link“
The expert also reiterates to football fans the importance of being cautious with their data. “It’s important for fans to be vigilant and cautious with their personal and financial information because as we get closer to the event, cybercriminals will set more traps using phishing and social engineering.”
How to avoid being a victim of scams
So that people do not fall for scams like this, the cybersecurity company recommends that users of social networks, especially WhatsApp, follow these recommendations:
– Links received through emails, SMS or WhatsApp messages or other messaging applications should be cause for doubt on the part of the recipients. In any case, it is good to ask the person who sent them what they are about and what kind of pages they redirect.
– In case one of these links is clicked, the website to which it leads must be verified. Both the link and the email or message that was sent must be reviewed to avoid cases of phishing.
– You have to check if the promotions are true by visiting the official website of the company or organization, their profiles on social networks or contacting directly through a telephone service or email.
– If the veracity of the website is in doubt, do not enter any data or complete any type of form.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.