Malvertising and phishing attacks, leveraging football fans’ desire for live streaming of the European Championships, can lead to losses – and we’re not talking about just soccer games.
Another football season is in the books, but fans have a little more to look forward to than just the end credits this year. A quadrennial occurrence, international football has again taken center stage with the European Championships which kicked off 15 June 2024.
Football fans can catch the action live on television, but many might not find value in paying the subscription rates. With the tournament held in Germany, most matches are played during the overnight hours in Asia Pacific. Fans are also typically selective with matches to watch, choosing to stay up only for big matches throughout the month-long competition.
This prompts many to turn to illegal streaming instead of pricey legitimate sources for their football fix, which leads to their digital security being caught offside.
Too good to be true
Locally, avenues such as streaming sites offer “free” alternatives to the hefty subscription fees associated with the said packages.
They might not cost anything, but could also cost everything.
In a 2024 study titled “Scams, Cyber Threats and Illicit Sports Streaming in Singapore” commissioned by the English Premier League, it was found that there was a 48% average likelihood of encountering a cyberthreat on streaming sites, which was accompanied by a 3.5 times higher scam risk for visitors. Furthermore, 54% of advertisements on such sites were classified as high risk.
With cybercrime increasing in Singapore, illegal streaming opens another door for cybercriminals to waltz uninvited into personal digital spaces. Just last year, the Singapore Police Force reported that scam and cybercrime cases increased by 69.4% to 24,525 — resulting in S$334.5 million in losses.
Fans who watch matches on these illegal streaming sites — not just in Singapore, but throughout the region — are exposed to major security risks, including malware, data theft and financial scams. This isn’t limited to just football fans, but for anyone who seeks entertainment by pirating movies, TV series or K-dramas through illegal streaming sites.
Illegal streaming’s cyberthreat landscape
There are several common tools used by cybercriminals through illegal streaming sites.
Malvertising attacks are complex and can use various techniques. Typically, the attacker starts by hacking a third-party server to inject malicious code into an advertisement, such as a banner or video.
When a user clicks on the advertisement, the code installs malware or adware on their computer. These attacks can deploy an exploit kit to scan and exploit system vulnerabilities. Once installed, the malware can damage files, redirect traffic, monitor activity, steal data or create backdoor access. The stolen data can be deleted, blocked, modified, leaked, copied and sold for ransom or on the dark web.
Redirect phishing is another tool used by cybercriminals to lure users to harmful websites by exploiting trusted domains. They exploit weaknesses in web applications that permit user-controlled redirects. In the worst cases, these redirects lead to sites filled with dangerous malware that can breach secure data systems.
When someone clicks on a phishing link, they are sent to a fake site resembling a legitimate one, where they might unknowingly submit sensitive information like login details, personal info or financial data for the cybercriminals to steal.
Browser hijacking happens when unwanted software or malicious entities change browser settings without user consent. These changes, aimed at driving traffic to specific sites for profit, can affect home pages, search engines, error pages and security settings.
Oftentimes, hijackers are hidden in free downloads or pose as helpful extensions within streaming sites, leading users to install them unknowingly. The stealthy nature of browser hijacking means it often goes unnoticed until unexpected browsing changes occur.
Browser hijackers can steal sensitive data by installing tracking cookies to collect browsing history, search habits and personal information like login details and financial data. This information can be used for targeted ads, identity theft or sold to others, putting online privacy and security at serious risk.
Recovering from a compromise
If a data breach exposes sensitive information, relevant parties must immediately be notified so they can take appropriate action. For instance, if credit card information is leaked, the bank must be contacted to cancel the card and prevent monetary loss. If an online account is compromised, credentials need to be updated. If company data is exposed, immediate updates, patches and security measures should be implemented to address the security issue.
After identifying sensitive information exposed in a data breach, it is essential to change your password immediately for the compromised account as well as any other accounts that use the same password or a version of it. Creating new, unique passwords is crucial to prevent repetition, and using a password manager can simplify this process.
A password manager stores and manages passwords in an encrypted vault. It securely stores all passwords in use and can help generate new ones, making it easier to update compromised accounts.
Multi-Factor Authentication (MFA) should be enabled on all accounts for added security. MFA is a security measure requiring extra verification steps to access digital accounts. With MFA, both login details and at least one other form of identification are needed for any login, adding another critical layer of security.
MFA ensures that even if hackers obtain account credentials, they still cannot access accounts without the additional form of identification, which they cannot bypass. This makes it much harder for them to compromise your account.
The final whistle
Understandably, paying for the Euros might not seem like a worthy investment. Football fans in Singapore might pass on the offer, especially considering the time difference. The itch to watch a couple of key games will persist, but is the fallout from the numerous cyber risks associated with illegal streaming worth the excitement of 90 minutes?
Probably not.
There continues to be a need for strong digital habits in the cyber landscape of today, with attackers continually coming up with new tactics to exploit users online. Apart from just ethical concerns, football fans should stick to legitimate sources for live matches to avoid their sensitive information being compromised, and becoming another statistic for the latest cybercrime report.
It is not worth letting the beautiful game become monetary pain through the threats of illegal streaming. The only winners will always be cybercriminals looking to score the goal of breaching fans’ digital security.