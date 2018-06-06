The largest sporting events allocate more than one million tickets, judging from The New York Times coverage of a large sporting event in February 2018. Tickets for the World Cup in Russia this June have already exceeded 1.6 million, according to FIFA underscoring the number of potential victims for cybercriminals, hacktivists and nation-state cyber actors.

Financially-motivated malicious actors are likely to see significant opportunity in targeting fans particularly if they can exploit online ticket sales or transactions conducted in a nonsecure environment while hacktivists and nation-state cyber actors are likely to seek access to information and websites that will be politically advantageous, either now or in the future.

Fans traveling internationally to attend high-profile sporting events are more likely to receive phishing attack messages in fact, phishing-related spam increased by more than 40 percent during the World Cup in Germany in 2006, according to Comsec Group.

In these attacks, seemingly legitimate communications invite recipients to click on a link or file that will download and activate malicious software on their device. Cunning cyber actors are likely to exploit factors that can decrease vigilance to malicious messages, such as fans’ desires to congratulate and promote their teams or share their experiences on social media.

In addition to phishing attacks, fans can unknowingly expose themselves to malware by using nonsecure Wi-Fi, including open networks available in airports, hotels and restaurants. One such attack prompts users to update software on their mobile device, then installs malware onto the device instead. Nonsecure Wi-Fi can enable others to see any sensitive information sent over the network, including usernames and passwords, financial information and private documents.

Fans and their family and friends back home can also fall victim to the stranded traveler scam. In this attack, malicious actors hijack the email account of someone traveling overseas. With this privileged access, they can send targeted messages to friends and family members, claiming to be the traveler in desperate need of funds quickly.

Legislation and policies governing personal information and surveillance vary from country to country. Some national governments have cautioned their citizens, prior to past global sporting events, not to bring electronic devices or to clean their devices of any sensitive material and consider using a “burner” device to avoid surveillance from the host country.

For fans traveling to global sporting events, we recommend the following measures to enhance cybersecurity: