Menu

6 February

Group-IB: 2018 FIFA World Cup Fans Should be Remain Astute to Online FIFA Scams

Group-IB, the leading provider of intelligence-driven cyber-security, is urging 2018 FIFA World Cup fans to remain astute to rising fraudulent ticket and counterfeit merchandise sites using the 2018 FIFA World Cup trademark. In the last year leading up to the event the number of domains registered which could be used for malicious purposes has risen 37% and is still climbing. In total, over 37,000 such potentially malicious domains have been registered.

The first trigger was when Group-IB was contacted by an external party who had fallen victim to Internet fraud and not received goods that were purchased. Upon investigation, the site in question was found to be related to a group of resources, including websites designed to sell tickets to multiple events and domain names related to the World Cup 2018.

Triggering our interest, Group-IB using their threat intelligence and brand abuse systems analyzed all domains hitting on the combination of ‘FIFA’, ‘Russia’, ‘WorldCup2018’ and other such keywords generating literally thousands of results.

Growth in the number of domains connected with the FIFA brand, 20 years (Group-IB, 2018)

Growth in the number of domains connected with the FIFA brand, 20 years (Group-IB, 2018)

The first such domains appeared as early as 1996 and is notable that they still exist. The majority of the resources appeared following the announcement that Russia would host the 2018 FIFA World Cup (Dec 2010) while others have only recently surfaced.

A growing threat: dynamics of new domains connected with the 2018 FIFA World Cup

Investigating the results of Group-IB Threat Intelligence and Brand abuse systems, Group-IB experts record annual growth in the number of potentially fraudulent domains – in total approximately 37,000 at the time of writing this article. A sharp increase began in 2014 with 3,000 names being registered, followed by 4,000 in 2015, 5,500 in 2016 and 13,500 in 2017.

At least 1,500 domains are designed to specifically target the 2018 FIFA World Cup in Russia blatantly using the event name, host cities, year, and other details. Company experts note that some domains are already active, while others are registered, but currently do not host any content.

This situation, however, is not necessarily unique. Group-IB’s experience protecting the 2014 Sochi Winter Olympics displayed that the activities of fraudsters drastically increased as the event got closer. Even if the domain is inactive, but registered, it is a real risk to the company and would be fans. If a domain is registered with prepaid hosting, a phishing page designed to collect credentials, or sell tickets can be created and promoted in just a few hours. It is essential that organizations monitor for such registrations and take action on them before they become an issue.

Andrey Busargin

Andrey Busargin

Brand Protection Director at Group-IB

How online fraudsters make money out of large-scale events: main stages in organization of phishing attacks (Group-IB, 2018)

How online fraudsters make money out of large-scale events: main stages in organization of phishing attacks (Group-IB, 2018)

Riding the Hype

Analyzing the situation, Group-IB specialists can identify a number of types of fraud. Some websites and ads offer tickets with a surcharge of more than 600%. See below screenshots:

Screenshot of a ticket offer on etickette.com and ticket2018.com. First-category ticket costs up to USD 6, 692, 
while the highest price on the official FIFA website is USD 1,100. (Group-IB, 2018)
Screenshot of a ticket offer on etickette.com and ticket2018.com. First-category ticket costs up to USD 6, 692, 
while the highest price on the official FIFA website is USD 1,100. (Group-IB, 2018)

Screenshot of a ticket offer on etickette.com and ticket2018.com. First-category ticket costs up to USD 6, 692,
while the highest price on the official FIFA website is USD 1,100. (Group-IB, 2018)

Screenshot of an ad on Avito and eBay with a photo of tickets for the World Cup final (Group-IB, 2018)
Screenshot of an ad on Avito and eBay with a photo of tickets for the World Cup final (Group-IB, 2018)

Screenshot of an ad on Avito and eBay with a photo of tickets for the World Cup final (Group-IB, 2018)

In some classified ads, there are pictures of legitimate looking tickets, while according to FFIA rules they will only be delivered beginning April 2018. When we contacted the owners of websites selling tickets, they acted cautiously. They offered to sign a contract and pushed for 100% payment, but warned that tickets would only be delivered in April 2018 when they are released. Additionally, they indicated that the contract would not mention the purchase of tickets specifically for 2018 FIFA World Cup. Group-IB Brand Protection experts also reviewed advertising and identified unauthorized advertisements pushing ‘customers’ to unofficial resources when searching for “2018 FIFA World Cup Tickets”, “WorldCup 2018 Tickets” and other such keywords.

Illegal sellers are also preparing to the event. The number of offers connected to queries with the 2018 FIFA World Cup has increased 12 times, from 336 to 4,200 ads in just 3 months. The most common add offers merchandise, such as coins, T-shirts, pendants or mascots.

In addition to classified ads, social media sites are becoming more active. At present, there are 200 active groups on VK.com (the Facebook equivalent for Russia) which abuse the 2018 FIFA World Cup brand or sell merchandise. Some groups offer help to purchase tickets.

An example of a group in VK.com offering help purchasing tickets to the 2018 FIFA World Cup (Group-IB, 2018)

An example of a group in VK.com offering help purchasing tickets to the 2018 FIFA World Cup (Group-IB, 2018)

An example of a group in VK.com offering help purchasing tickets to the 2018 FIFA World Cup (Group-IB, 2018)

Total number of offers connected with the selling in online classifieds of illegal promotional merchandise with 2018 FIFA World Cup symbols (Group-IB, 2018)

It is essential to track dormant domains, even if they do not present an issue at the moment. Given examples of existing websites is indicative that not enough is being done to protect the 2018 FIFA World Cup brand, or Foreign or Russian fans. That said, the positive takeaway is that it is possible. Leading up to the 2014 Winter Olympics in Sochi, Russian specialists managed to eliminate over 1,500 incidents of illegal ticket distribution on 80 websites. Furthermore, over 335 cases of illegal brand usage were resolved including those on Facebook, VK.com, Avito and eBay.

We should also note that Russia has a special federal law prohibiting the use of FIFA symbols and the selling of tickets by organizations without a contract with the FIFA or its authorized organizations.

Report an incident

24/7 Incident Response Assistance +7 495 984-33-64

Thank you!
We will contact you soon.