The ICC World Cup 2023, the 13th edition of the ICC Cricket World Cup, is set to take place in India, amidst a rapidly growing digital ecosystem developing around the world. The global cricketing community is increasingly utilizing online platforms for ticket purchases, merchandise, real-time updates, and conversations.
While these advances have brought fans closer to the game, they have also opened new opportunities for scammers and cybercriminals to prey on unwary fans. As technology and online communication continue to play an important role in cricket, it is critical to understand and address the scams and threats that can jeopardise the integrity and security of the ICC World Cup 2023, such as phishing schemes, fake ticket sales, and illegal betting activities.
Phishing & Fraud Targeting the World Cup
We’ve investigated trends surrounding the ICC World Cup 2023, and are raising awareness about potential frauds and threats, including phishing websites, fake ticket sales, illegal betting, and social media misinformation.
It’s important that fans, organizers, and stakeholders are informed about potential dangers of researching and interacting with sites and accounts linked to the ICC World Cup online, and are aware of recommended measures like cybersecurity, public awareness, regulatory measures, and law enforcement coordination to ensure the safety and integrity of the tournament.
We found the following trends in our research.
Threat actors are creating promising-looking or identical spoofing websites. Some of the recently created domains/websites offer tickets for the ICC World Cup 2023 matches.
Social media platforms such as Twitter, Instagram, Telegram and WhatsApp are being utilized for advertising and reselling tickets.
Several domains that are similar to the original have recently been created to market and promote illegal betting and predictions. Social media platforms are used to promote the same.
Analysis of Phishing and Scams
The Bolster research team discovered some revealing trends in phishing websites that show evolving scam techniques. Threat actors are developing phishing domains that look exactly like official domains, also known as typosquat domains.
Websites Leveraged for Ticket Fraud
Multiple new phishing websites have been created where tickets could be purchased. One such instance researchers at Bolster have observed was for “Cricbuzz”. A phishing website similar to the original domain of “Cricbuzz” was recently created to target enthusiastic fans eager to purchase ICC WORLD CUP 2023 tickets.
When attempting to book tickets, personal information such as name, email address, and phone number are requested in order to receive an additional 10-20% discount on the selected ticket. Following that, the page directs the user to make a payment.
Meanwhile, no discount coupon or other information is being provided on the email address or phone number entered. On the payment portal bank details were mentioned for direct transfer, turns out the account and IFSC code mentioned doesn’t exist.
Social Media Leveraged for Selling/Reselling Tickets
Numerous Telegram channels, bots, and Twitter accounts have been discovered as places where ICC World Cup 2023 tickets are being sold and resold.
Multiple platforms, such as WinBuzz and Dream11, are marketed on Telegram channels. Several channels with a large number of users were observed, and it was determined that the channels and administrators are involved in illicit betting and match fixing. Several domains advertising betting have lately been registered.
Our Recommendations For Protecting Yourself, and Your Business Network
For fans/spectators of the ICC World Cup 2023:
- Only acquire tickets from ICC-approved sources or authorized resellers.
- Check the ticket seller’s authenticity and secure payment options.
- Examine sender addresses, links, and content to identify phishing emails and websites.
- Avoid revealing sensitive personal information on social media or untrusted websites.
- Report any scams or fraudulent conduct to the proper authorities or event organizers.
- Check that the URLs of websites you interact with begin with “https://” and display a padlock icon to indicate a secure connection.
- If you want to gamble on matches, stick to well-known, licensed betting platforms, and stay away from unregulated or questionable websites.
How organizers can protect legitimacy of sales and branded assets:
- Safeguard the official website and online ticketing platforms from hackers by using robust cybersecurity measures.
- To facilitate fans with safe and legitimate means to purchase tickets, promote and prioritize official ticket sales channels.
- To prevent counterfeit ticket sales, use modern ticket validation technology such as holograms, QR codes, and RFID chips.
- Create an easy-to-use reporting mechanism for fans to report suspicious actions, phishing attempts, and illegal betting on the official website.
- Monitor the constantly evolving threat landscape and adjust security measures and strategies as needed.
How ICC World Cup fans can move forward
Popular events are often used as lures for cyberattacks such as large scale phishing and scam campaigns. Threat actors have long targeted major sports events.
Prior to the Tokyo Olympics, researchers discovered a phishing attempt that purported to be selling the “Olympic Games Official Token.”
Similar circumstances occurred at the FIFA World Cup 2022 when phishing websites were set up to sell fraudulent tickets and cards/ids. Using a multifaceted strategy, organizers can reduce risks and improve the event’s overall security and integrity.
Using Bolster to Protect Your Business
The rapid transition to digital transactions, while offering numerous benefits, has also presented opportunities for cybercriminals to exploit the unsuspecting.
With World Cup 2023 tickets being sold and resold via various Telegram channels, bots, and Twitter, the risk of falling victim to fraudulent practices increases. This poses a particular challenge to eager fans/spectators who are willing to spend a lot of money on tickets. Staying informed and vigilant becomes crucial to avoid becoming prime targets of these ticket scams.
Our findings also highlight the need for continuous monitoring and research in the realm of phishing site hunting to preemptively identify and combat such threats.
Bolster’s anti-phishing and domain monitoring technology protect your business from evolving phishing threats. With continuous scanning technology that quickly identifies threats and misuses of your branded assets, you can trust Bolster will protect your business.
See Bolster in action when you request a demo.