Security researchers have found more than 40 streaming sites promising “free” World Cup livestreams that actually serve as scam advertising traps, delivering an endless loop of popups, redirects, and malware.
According to internet security firm Malwarebytes, the page templates, coding, and advertising networks for these World Cup-branded domains are all the same. The fraudsters created them simply to facilitate scams, malware, fraudulent downloads, pop-ups, hidden ads, and redirects.
“With the World Cup on, you’ll find no shortage of websites promising every match, live, in HD, for free,” Stefan Dasic of Malwarebytes writes. “They look convincing, usually with a video player, a ‘Live Stream Available’ indicator, a row of server buttons, maybe a match schedule, and a ‘Watch Live’ button. There’s no signup, no paywall, and seemingly, no catch. But of course there’s a catch.”
How do these scam World Cup livestreaming websites work?
He reveals that these phony World Cup streaming sites typically load eight or more ad and tracking scripts from the same dubious network, along with a few additional ad domains, when someone visits them.
When you first visit the page, an advertisement appears in a new tab or window, often in the background. Seldom does clicking the “play” button actually play a video; instead, it takes the victim through a series of prompts, including a request to click the “resume” button before they can see the supposed livestream.
The page then launches additional tabs and silently loads tiny, invisible 1×1-pixel advertisements. These are only there to produce views for sponsored advertisements.
The websites will also frequently create phony message alerts and advertisements that offer “play-to-earn” games with eye-catching claims and daily incentives.
“It’s the oldest play in the scam handbook: take something millions of people want right now, present it nicely, and monetize the rush. Scammers don’t create the demand, they just stand in front of it with a bucket and collect payment,” Dasic added.
Unfortunately, these fake livestreaming websites are just the tip of the World Cup-related fraud iceberg
Prior to the World Cup, the FBI warned fans that scammers had been flooding the internet with thousands of fake FIFA websites in anticipation of the massive international tournament, hoping to perpetrate fraud.
The FBI warned that, to mimic a genuine website, spoofed website domains may use different top-level domains or different word spellings. While attempting to access FIFA’s and the World Cup’s website, members of the public could unintentionally visit spoof websites.
To help avoid these scam FIFA websites, the FBI recommended that fans type “fifa.com” directly into the address bar, avoid any “sponsored” results in search engines, and use bookmarks or favorites to navigate back to legitimate, safe FIFA websites that you have already visited.