Already in suspense over choosing a new coach Real Madrid fans are getting caught up in the more risky game of having their personal data being targeted by cyberattackers on Facebook.
Multiple sources including one of the world's largest internet security firms are buzzing up the story that Real Madrid fans are the latest targets of a cyberattack known as spearphishing.
A favorite tactic of hackers and professional cybercriminals spearphishing uses fake web pages to grab name and password data from high value brands and sports organizations like Real Madrid fans, then redirects the internet user to the real website as if nothing happened.
In the latest outbreak unassuming Real Madrid fans who are surfing around on Facebook see an image of Real Madrid star Cristiano Ronaldo on their screen in what appears to be a Real Madrid website. With the name and password boxes beckoning the user is prompted to "sign on." Intuitively, many do. And they give up their personal data to the cyberattackers in the process. Because many fans use the same password on multiple sites it is possible for hackers to harvest the information gathered to access bank accounts and other sites of value. It can be exploited, sold to cybergangs, bartered or used for blackmail.
Because most football fans believe in their team like a civic religion the element of trust in sharing personal data with the fake site operated by the cybeattackers is implicit. Then too, internet users have become victims of the "I accept" syndrome, ignoring important information contained in the terms of service and just click through, not verifying whether they are visiting a site operating with a valid security certificate.
With cybercrime now one of the top threats to British national security Premier League fans could be the next victims. In Britain the National Audit Office has found that cybercrime generates between 18 billion to 25 billion pounds annually.
While an important first step, the recently enacted private-public consortium between companies and government security services in Britain and the United States, known as CISP (Cyber security Information Sharing Partnership) focuses on protecting the cybersecurity interests of big companies not football fans. Those who lose money or quase-money after being scammed by a cyberattack have a difficult time recouping their losses due to complicated legal procedures and investigation processes.
FIFA, the world governing body of association football, seems more interested in protecting its trademarks, slogans and licensed products than in the growing cybersecurity threat to fans world-wide. Theirry Weill, FIFA marketing director has called for fair play in those areas where it acts to protect its own security.
But cyberattackers don't play fair. Nor do the fighters in Syria's civil war, where more than 82,000 people are estimated to have been killed in a decade and the Aleppo International Stadium where FIFA sanctioned games are played only holds 76,000 bodies. Rather than calling for an end to the carnage, a recent FIFA newsletter praised Syria for improving the quality of its football during difficult times.
Pierluigi Paganini, the Naples-based director of Security Affairs told this writer in a recent discussion that cybercrime, hacking and phishing are all increasing due to the rise in use of mobile devices and Twitter. According to Paganini it is possible to share an infected link that grabs personal information with millions of users via Twitter with one or two tweets. Cristiano Renaldo of Real Madrid has18 million followers and his teammate Ricardo "Kaka" Izecson has 15.6 million. Manchester United's Kevin Rooney boasts 6.4 million followers and Neymar of Barcelona has 7 million in his wee kist.
In a down economy perhaps the big winner is this world cup of hacking is the expansion of the cybersecurity industry itself. In the press release announcing the formation of CISP a boldface callout to those seeking jobs stands out right at the top.
Against this backdrop over on HuffiPo Spain cartoonist Fito Vasquez satirizes the threat posed by hacking. It would be a lot more funny if it wasn't true. Whether its at The Shed, The Cottage or at Santiago Bernabeu its time to break cybersecurity out of its silo so fans everywhere can get a grip as to what's going on, take action and protect themselves from the next attack.