The Football Season Is In Full Swing & So Are Cybercriminals

Uploaded on 2024-12-10 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

As the excitement of the 2025/25 football season grows, so does the increased threat of cybercrime toward fans. The global sporting industry, with its massive fanbase and online presence, has become a lucrative target for cybercriminals.

These attackers are increasingly sophisticated, using complex social engineering tactics to lure fans into their traps. They pose as official partners, ticketing platforms, or even online travel booking sites, aiming to steal personal data and financial information.

Champions League organisers have even had to assure clubs and fans there is no possibility of the new AI-assisted draw for the men's UEFA competition being manipulated tomorrow, with extra security in place to guard against cyber attacks.

The stakes are high, not just for fans but also for the clubs and organisations that form the backbone of this beloved sport. While clubs may have strong security measures in place, they often overlook a critical vulnerability: third-party vendors.

The Rise Of Cyber Threats In Football

Cybercriminals are no longer just targeting corporate networks; they are going after the fans themselves. According to the SonicWall 2024 Mid-Year Cyber Threat Report, there has been a 10% increase in global malware attacks, with the UK seeing a staggering 62% rise. When looking at these threats from a sport perspective, it’s clear this could be directly linked to the digitalisation of football, where fans increasingly engage with their favourite teams online, whether through ticket purchases, streaming, or social media interactions.

These interactions create numerous opportunities for cybercriminals to exploit.

For instance, phishing attacks have become more prevalent, with hackers sending fake emails that appear to be from legitimate football organisations. These emails often contain malicious links or attachments designed to steal sensitive information. With the Premier League season kicking off and other major events on the horizon, the frequency and sophistication of these attacks will continue to rise.

The Importance Of Vendor Security

Even if football clubs invest heavily in securing their own networks, they are still vulnerable if their third-party vendors are not equally vigilant. A network’s security is only as strong as its weakest link, but what many organisations fail to account for are all the links of the third-party vendors who have direct touches within a company’s networked environment.

These vendors include ticketing companies, travel agencies, and merchandise suppliers—all of whom have access to sensitive customer data. If these vendors do not have robust cybersecurity measures in place, they become an easy entry point for cybercriminals. This is particularly concerning given the high volume of transactions and personal information exchanged during the football season.

Fans & Their Lines Of Defence

For fans, the first line of defence is awareness. Understanding the risks associated with online interactions related to football is crucial. Fans should be cautious when clicking on links or downloading attachments, especially from unfamiliar sources. Using strong, unique passwords for different accounts and enabling two-factor authentication can also help protect personal information.

Additionally, fans should be wary of deals that seem too good to be true. Cybercriminals often use the promise of discounted tickets or exclusive merchandise to lure unsuspecting victims. Always verify the legitimacy of a website before making any purchases, and consider using a credit card rather than a debit card for online transactions, as credit cards typically offer better fraud protection.

The Role Of football Clubs

Football clubs also have a significant role to play in protecting their fans. They must ensure that their websites, apps, and online platforms are secure and regularly updated to protect against the latest cyber threats. This includes using secure payment gateways and SSL certificates to encrypt data.

Moreover, clubs should educate their fans about the potential risks of cybercrime. Regularly sharing tips on safe online practices and warning about ongoing scams can help fans stay vigilant.

Collaborating with cybersecurity experts to assess and strengthen security measures, particularly with third-party vendors, is also essential.

Both fans and clubs must be proactive in protecting against the growing threat of cybercrime. By staying informed, adopting best practices, and ensuring that all links in the security chain are strong - from the clubs to their vendors - football can remain a safe and enjoyable experience for everyone involved.

Spencer Starkey is VP EMEA of SonicWall 

Image: Jannik

You Might Also Read: 

Major Sporting Events Are Open Targets:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Managing Zero-Day Vulnerabilities In The Real World
British NHS Hospitals Under Attack »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Norton Rose Fulbright

Norton Rose Fulbright

Norton Rose Fulbright is a global business law firm. Practice areas include Data protection, Privacy and Cybersecurity.

HackCon Norway

HackCon Norway

HackCon is for the people who are interested in technology, psychology, IT and security, and who wants to improve their knowledge within these areas.

Centre for the Protection of National Infrastructure (CPNI)

Centre for the Protection of National Infrastructure (CPNI)

CPNI works with the National Cyber Security Centre (NCSC), Cabinet Office and lead Government departments and agencies to drive forward the UK's cyber security programme to counter cyber threats.

European Recruitment

European Recruitment

European Recruitment is an award-winning, international recruitment agency specialising in niche technology areas including Cyber Security.

Leadcomm

Leadcomm

Leadcomm is a Brazilian company focused on the distribution and integration of IT systems and security solutions for large companies.

SmartCyber

SmartCyber

SmartCyber is a company specializing in custom IT projects and Cybersecurity.

Crypto4A Technologies

Crypto4A Technologies

Crypto4A quantum-ready cybersecurity solutions significantly improve protection for Cloud, loT, Blockchain, V2X, government and military application deployments.

GLESEC

GLESEC

GLESEC offer a complete range of Cyber Security services from Operations & Intelligence Services to Auditing & Compliance and Simulation and Training.

CYSEC SA

CYSEC SA

Cysec is equipped to deliver agile security solutions for the most challenging IT infrastructures around the world.

Ermetic

Ermetic

Ermetic’s identity-first cloud infrastructure security platform provides holistic, multi-cloud protection in an easy-to-deploy SaaS solution.

CertiProf

CertiProf

CertiProf has been enhancing professional lives since 2015, offering a wide range of IT certifications and agile framework training.

Global Market Innovators (GMI)

Global Market Innovators (GMI)

Global Market Innovators (GMI) delivers secure technology solutions to organizations in need.

Code First Girls

Code First Girls

Code First Girls are on a mission to close the gender gap in the tech industry by providing employment through free education.

Silobreaker

Silobreaker

Silobreaker is a SaaS platform that enables threat intelligence teams to produce high-quality and relevant intelligence at a faster pace.

AuthX

AuthX

AuthX provides secure and seamless log-in capabilities through strong authentication and integrations.

Concertium

Concertium

Concertium is a complete cybersecurity partner equipped with the expertise and services to deliver end-to-end visibility and protection from evolving cyber threats.