With million of football fans turning into digital platforms to watch their favourite teams slug it out in the reactivated Premier League, NCSC has warned that cyber criminals could exploit the opportunity to steal credentials and other personal information of football fans in the UK.
The National Cyber Security Centre's warning is based on cyber criminals targeting almost every digital platform with a susbstantial following with credential-stealing attacks, be it e-commerce sites, dating apps, streaming applications, or those offering sports subscriptions.
With the Covid-19 outbreak forcing the FA to allow Premier League games behind closed doors, millions of football fans have no choice but to live-stream games on various digital platforms, including websites and apps run by Premier League clubs. However, this trend should not come at the cost of people's privacy and security, the watchdog warned.
According to NCSC, cyber criminals are looking to take advantage of the fact that hundreds of thousands of netizens use easy-to-guess and obvious passwords for their online accounts, and many of them also use the same passwords for multiple online accounts for the sake of convenience. This ensures that a cracked password can enable fraudsters to access multiple accounts that have the same passwords.
In April last year, NCSC’s UK Cyber Survey revealed that hundreds of thousands of football fans in the UK used the names of their favourite football teams as their account passwords. While 280,723 people chose 'liverpool' as their account passwords, 216,677 used 'chelsea', 179,095 used 'arsenal', and 59,440 people chose 'manutd' as their account passwords. According to the report, as many as 700,000 accounts had been compromised through hackers guessing a device’s passwords as ‘liverpool’, ‘chelsea’ or ‘arsenal’.
With every single Premier League fan forced to watch football games online, the number of compromised accounts could be many times more this year unless people take steps to secure their online accounts, such as using complex passwords, refreshing their accounts, and updating streaming apps to the latest version.
"As well as illegally watching the game the victim has paid for, the hackers could make unauthorised purchases on the platform or look to find personal information that could be used for further scams – including targeting them with scam emails or phone calls. There have been reports of similar attacks when other television subscription models have launched with more people spending time at home in the coronavirus outbreak," NCSC said.
If you are using an online account or have recently set up an online account to stream Premier League matches, you can take the following precautions to prevent cyber criminals from gaining access to your account:
1. Create a separate password for your email
2. Create strong passwords using three random words
3. Save your passwords in your browser by using reputed password managers
4. Turn on two-factor authentication (2FA) for important accounts
5. Update your devices regularly (ideally set to ‘automatically update’)
6. Back up important data