Group-IB, the leading provider of intelligence-driven cyber-security, is urging 2018 FIFA World Cup fans to remain astute to rising fraudulent ticket and counterfeit merchandise sites using the 2018 FIFA World Cup trademark. In the last year leading up to the event the number of domains registered which could be used for malicious purposes has risen 37% and is still climbing. In total, over 37,000 such potentially malicious domains have been registered.
The first trigger was when Group-IB was contacted by an external party who had fallen victim to Internet fraud and not received goods that were purchased. Upon investigation, the site in question was found to be related to a group of resources, including websites designed to sell tickets to multiple events and domain names related to the World Cup 2018.
Triggering our interest, Group-IB using their threat intelligence and brand abuse systems analyzed all domains hitting on the combination of ‘FIFA’, ‘Russia’, ‘WorldCup2018’ and other such keywords generating literally thousands of results.
Growth in the number of domains connected with the FIFA brand, 20 years (Group-IB, 2018)
The first such domains appeared as early as 1996 and is notable that they still exist. The majority of the resources appeared following the announcement that Russia would host the 2018 FIFA World Cup (Dec 2010) while others have only recently surfaced.
A growing threat: dynamics of new domains connected with the 2018 FIFA World Cup
Investigating the results of Group-IB Threat Intelligence and Brand abuse systems, Group-IB experts record annual growth in the number of potentially fraudulent domains – in total approximately 37,000 at the time of writing this article. A sharp increase began in 2014 with 3,000 names being registered, followed by 4,000 in 2015, 5,500 in 2016 and 13,500 in 2017.
At least 1,500 domains are designed to specifically target the 2018 FIFA World Cup in Russia blatantly using the event name, host cities, year, and other details. Company experts note that some domains are already active, while others are registered, but currently do not host any content.
Brand Protection Director at Group-IB
How online fraudsters make money out of large-scale events: main stages in organization of phishing attacks (Group-IB, 2018)
Riding the Hype
Analyzing the situation, Group-IB specialists can identify a number of types of fraud. Some websites and ads offer tickets with a surcharge of more than 600%. See below screenshots:
Screenshot of a ticket offer on etickette.com and ticket2018.com. First-category ticket costs up to USD 6, 692,
while the highest price on the official FIFA website is USD 1,100. (Group-IB, 2018)
Screenshot of an ad on Avito and eBay with a photo of tickets for the World Cup final (Group-IB, 2018)
Illegal sellers are also preparing to the event. The number of offers connected to queries with the 2018 FIFA World Cup has increased 12 times, from 336 to 4,200 ads in just 3 months. The most common add offers merchandise, such as coins, T-shirts, pendants or mascots.
In addition to classified ads, social media sites are becoming more active. At present, there are 200 active groups on VK.com (the Facebook equivalent for Russia) which abuse the 2018 FIFA World Cup brand or sell merchandise. Some groups offer help to purchase tickets.
An example of a group in VK.com offering help purchasing tickets to the 2018 FIFA World Cup (Group-IB, 2018)
Total number of offers connected with the selling in online classifieds of illegal promotional merchandise with 2018 FIFA World Cup symbols (Group-IB, 2018)
We should also note that Russia has a special federal law prohibiting the use of FIFA symbols and the selling of tickets by organizations without a contract with the FIFA or its authorized organizations.