Hackers Are Exploiting the UEFA Euros for Phishing Attacks

The UEFA Euros has kicked off, and so have cybercriminals eager to exploit fan enthusiasm with over 24,000+ individual phishing emails in targeted attacks.

Egress' Threat Intelligence team identified a significant surge in phishing attacks leveraging excitement around the Euros. Since June 17th, they've observed over 7,000 unique campaigns with a staggering 24,000+ individual cyber attacks.

This is not the first time a major event has been used as a doorway into cybercrime with similar attacks reported during the Eurovision song contest

The cyber attacks are not easily spotted, Instead of impersonating UEFA as you might expect, the attackers are targeting businesses associated with the tournament, such as travel companies (Booking.com, Lufthansa, Uber), accommodation providers (Hotels.com, Marriott.com), and even transportation services (Trainline, Eurostar).

Attackers employ sophisticated techniques to bypass security measures. They utilize lookalike domains (e.g., Eurostɑr[.]com) with a technique called ‘typosquatting’ that mimics legitimate brands. Additionally, URL shorteners like bit.ly mask malicious URLs, evading link-scanning solutions.

Football fans targeted in UEFA Euro cyber attacks

The initial phishing email, often impersonating a Euros-related brand, utilizes convincing templates and branding elements. The payload is typically a shortened link disguised within an image, directing the recipient to a malicious site.

Clicking the link leads to a fake lookalike website mimicking popular platforms like Microsoft login. This tactic aims to trick users into entering their credentials, compromising their accounts and potentially granting access to their organizations. 

The attacker can then attempt to use the credentials to compromise the individual's other business and personal accounts if the password is reused. They may then move laterally across that individual's organization using the initial compromised account as a foothold.

These attacks prioritize volume over intricacy. By flooding inboxes, attackers aim to overwhelm security teams and exploit even a small percentage of susceptible recipients. A successful breach can lead to lateral movement within compromised organizations.

The campaigns leverage social engineering tactics. They exploit the excitement surrounding the Euros by crafting enticing offers on travel, accommodation, and even ticket competitions. This strategy preys on fans' desire for deals and participation, manipulating emotions to increase success rates.

The Euro 2024 phishing surge underscores the ever-present threat of social engineering, phishing and spoofing. By understanding attacker tactics and utilizing a layered defence approach, individuals and organizations can significantly reduce vulnerability.

How to Prevent Phishing?

The key to preventing phishing is a multi-layered approach that combines awareness, security measures, and cautious behaviour.

Familiarize yourself with common phishing tactics like social engineering and phoney links being used in the Euros scams. Be sure you are aware of the emotional triggers attackers use including fears of losing money, missing out on opportunities, or legal trouble.

Be vigilant in scrutinizing email addresses for misspellings, unusual characters, or domains that don't match the sender's name.

Look for grammatical errors, misspellings, or inconsistencies in logos, branding, or overall email design compared to what you expect from the supposed sender.

If you work in an organization, participate in any phishing awareness training offered. This training can help you stay sharp and identify new phishing techniques.

For strong passwords ensure that you aim for at least 12-15 characters that combine uppercase and lowercase letters, numbers, and symbols. Don't reuse passwords across accounts. If one account is compromised, they all could be vulnerable.

Make sure all important accounts are protected with multi-factor authentication. Multi-factor authentication is a security method that adds an extra layer of protection when logging in to accounts or accessing resources It requires you to provide two or more verification factors to gain access.

Whenever possible, set your software to update automatically. Don't ignore update notifications and install them as soon as possible to stay protected.

By combining strong passwords, MFA, updated software, and a cautious approach to links, you significantly reduce the risk of falling victim to cyberattacks, even if you encounter a malicious link.