As the 2014 FIFA World Cup Brazil draws near, we are seeing more threats using the event as bait. We recently talked about cybercriminals in Brazil taking advantage of the event to spread malware, but we’ve found that the threats have gone beyond that: we’ve spotted fake FIFA websites selling game tickets.
One of the sites we found even have different subdomains for different countries, as shown in the diagram below:
Figure 1. Multiple subdomains of scam site
(Click above image to enlarge)
For the site meant for visitors from Brazil, would-be fans can buy a ticket for the final Game for 8,630.20 reais (or just under 3,900 US dollars). This price is almost 4000% higher than the official price on FIFA’s website.
At a Brazilian complaints site, a user reported that he bought three tickets for the Portugal versus Germany match from this site, but hadn’t received any tickets yet. The victim also claims that this scam site left no phone number to be contacted. Another complaint on the same site says the only way for the scammers to be contacted is via chat or email.
Figure 2. Screencap of the complaint
The domain name was registered last May 27, 2013, with no clear owner. However, it was registered in Spain. As for its hosting, it is hosted on a major cloud service provider. The Brazilian site accepts payment via a legitimate online payment service with offices in São Paulo, Brazil.
This scam is an example of how different legitimate services (hosting, domain registration, online payment system) can be used fraudulently to scam victims around the globe.
We protect our customers by blocking the fraudulent sites we encountered here. We also would like to remind users not to visit scam sites like these, and remember that only FIFA is authorized to sell tickets for the World Cup games.
The Race to Security hub contains aggregated TrendLabs content on security stories related to major sporting events. We’ll soon be featuring the 2014 FIFA World Cup.