Phishing is one of the most common practices used by hackers with the intention of obtaining credentials and money directly from people or companies. As hackers invest increasing amounts of time perfecting their phishing efforts, it is becoming more and more difficult for companies and users to recognise them. Regardless of the industry you work in, the dangers of phishing attacks need to be respected.
In March 2018, Italian newspaper Il Tempo reported that Italian football giants Lazio became the victim of a phishing attack back in 2014, whereby fraudsters masquerading as Feyenoord representatives tricked Lazio into paying them the final €2 million instalment for defender Stefan de Vrij. The two football teams had agreed to pay four instalments of €2 million (total of €8 million) for the defender. Just before the last payment was due, Lazio received an email which appeared to come from the Dutch club stating that they would like the remaining money to be paid into a different account (Il Tempo, 2018).
Now you may think that this should trigger alarm bells and be recognisable as a possible phishing attempt, but in reality, because the email looks legit (i.e. has the correct knowledge, wording and official imagery/badge) and also looks like it comes from a person that you may have been dealing with, people generally tend to go along with it.
But this is not the first case of a football club being the victim of fraud. In 2017, Scottish club Hamilton Academical, with an average home attendance of 2,500, were reported to have been the target of an elaborate fraud which resulted in them losing almost £1 million. The worrying thing about this is that the directors of the club had to inject the funds into the club themselves in order to meet the ongoing obligations until the investigation was complete (The Guardian, 2017).
But it's not only the clubs that need to remain vigilant; it's also the fans. Back in 2016, the Scottish Football Association (SFA) had their database breached, a database that contained email addresses and other personal details of football fans. This resulted in targeted phishing emails claiming to be from the SFA demanding up to £170 from subscribers (Teiss, 2016). And just recently, World Cup 2018 proved to be a magnet for cybercriminals, creating an opportunity to impersonate World Cup partners and advertisers in order to sell match tickets and accommodation (IT Pro, 2018).
It's clear to see that opportunists are quick to take advantage of any major events or global issues that are trending. Again, this has been evident recently with the increase of phishing scams in the run-up to the GDPR deadline. I think we can expect to see phishing attempts become more and more sophisticated in an attempt to continuously fool people into handing over their details and money.