Cybercriminals and fraudsters have dedicated entire ecosystems to scamming and stealing from Formula 1 fans, a new report has warned.
According to the Bitdefender Cybersecurity Grand Prix Fan Threat Index, the growing global digital ecosystem around motorsport makes it an ideal target for scammers.
Fans and Formula 1 teams alike now find themselves in attackers’ crosshairs.
Scams targeting F1 fans range from being sold counterfeit merchandise and fake grand prix tickets, to illegal streaming services and social media scams. All designed to steal personal information, credit card details, generate illicit revenue and distribute malware.
Motorsport fans are also being duped into having their devices unwittingly roped into being part of a notorious botnet of millions of devices used to carry out DDoS attacks, according to Bitdefender.
“Why motorsports? Because things are moving fast and when things are moving fast, people make mistakes,” said Bogdan Botezatu, senior director of threat research at Bitdefender.
The new Bitdefender report is the culmination of a yearlong project analyzing the cybercriminal landscape around Formula 1 weekends.
“We know how cybercriminals operate before, during the races and after them,” said Botezatu during the launch of the report at Maranello, Italy, the headquarters of the Scuderia Ferrari HP Formula 1 team, of which Bitdefender is the official cybersecurity.
Fake F1 Streaming Apps
Like many sports, F1 races are mostly locked behind TV channels or online services which require paid subscriptions.
One of the most common scams deployed by cybercriminals during race weekends is tricking people into downloading applications which they are told will allow them to watch the races for free.
Advertised on social media, Discord and Telegram, these applications require users to manually install APK files outside official app stores.
In some instances, the report explained, scammers use the Clickfix social engineering technique to bypass any protections users may have on their device.
Those who use illegitimate streaming services are often unknowingly providing scammers with various monetization streams. This can range from excessive advertising, forced redirects and aggressive pop-ups, all the way up to installing infostealer malware on the victim’s machine with the aim of stealing their usernames, passwords and banking information.
And to add insult to injury, the victim has likely been tricked into downloading a falsely advertised app which doesn’t even show the race in the first place.
An alternative option some fans have turned towards to watch F1 broadcasts are streaming boxes. With cost in mind, many users have purchased cheap, third-party boxes.
While they may save the user money, they can come with unexpected cybersecurity risks like malware pre-installed on the device.
Formula 1 Fans Targeted by Counterfeit Merchandise
Many Formula 1 fans are passionate about a particular team, especially the more high-profile entrants, such as Mercedes, McLaren, Ferrari or Red Bull. However, official merchandise isn’t cheap, meaning many fans will actively be on the lookout for discounts and deals.
According to Bitdefender, fake motorsport shops aggressively advertise on social media, promoting heavily discounted merchandise through adverts on social media.
A common scam sees fraudsters post adverts which claim to offer merchandise at 80% discounts. It’s a pattern which has been used to scam fans of other major sporting events like the World Cup or the Olympics.
In some cases, the buyer will receive a shoddy discount bootleg of real merchandise. In others, the fake online store serves as a phishing site and is used to steal personal information and banking information.
In both cases, this scam infrastructure is set up by threat actors who are skilled at cloning websites and exploiting social media platforms to promote them.
To avoid falling victim to cybercrime and scams around Formula 1, sports and other major events, Bitdefender has urged users to be wary of products and services offered which seem to be good to be true.
Anti-phishing or anti-virus applications can also help users stay safe.
Image credit: cristiano barni / Shutterstock.com
