The Football Season Is In Full Swing & So Are Cybercriminals

As the excitement of the 2025/25 football season grows, so does the increased threat of cybercrime toward fans. The global sporting industry, with its massive fanbase and online presence, has become a lucrative target for cybercriminals.

These attackers are increasingly sophisticated, using complex social engineering tactics to lure fans into their traps. They pose as official partners, ticketing platforms, or even online travel booking sites, aiming to steal personal data and financial information.

Champions League organisers have even had to assure clubs and fans there is no possibility of the new AI-assisted draw for the men's UEFA competition being manipulated tomorrow, with extra security in place to guard against cyber attacks.

The stakes are high, not just for fans but also for the clubs and organisations that form the backbone of this beloved sport. While clubs may have strong security measures in place, they often overlook a critical vulnerability: third-party vendors.

The Rise Of Cyber Threats In Football

Cybercriminals are no longer just targeting corporate networks; they are going after the fans themselves. According to the SonicWall 2024 Mid-Year Cyber Threat Report, there has been a 10% increase in global malware attacks, with the UK seeing a staggering 62% rise. When looking at these threats from a sport perspective, it’s clear this could be directly linked to the digitalisation of football, where fans increasingly engage with their favourite teams online, whether through ticket purchases, streaming, or social media interactions.

These interactions create numerous opportunities for cybercriminals to exploit.

For instance, phishing attacks have become more prevalent, with hackers sending fake emails that appear to be from legitimate football organisations. These emails often contain malicious links or attachments designed to steal sensitive information. With the Premier League season kicking off and other major events on the horizon, the frequency and sophistication of these attacks will continue to rise.

The Importance Of Vendor Security

Even if football clubs invest heavily in securing their own networks, they are still vulnerable if their third-party vendors are not equally vigilant. A network’s security is only as strong as its weakest link, but what many organisations fail to account for are all the links of the third-party vendors who have direct touches within a company’s networked environment.

These vendors include ticketing companies, travel agencies, and merchandise suppliers—all of whom have access to sensitive customer data. If these vendors do not have robust cybersecurity measures in place, they become an easy entry point for cybercriminals. This is particularly concerning given the high volume of transactions and personal information exchanged during the football season.

Fans & Their Lines Of Defence

For fans, the first line of defence is awareness. Understanding the risks associated with online interactions related to football is crucial. Fans should be cautious when clicking on links or downloading attachments, especially from unfamiliar sources. Using strong, unique passwords for different accounts and enabling two-factor authentication can also help protect personal information.

Additionally, fans should be wary of deals that seem too good to be true. Cybercriminals often use the promise of discounted tickets or exclusive merchandise to lure unsuspecting victims. Always verify the legitimacy of a website before making any purchases, and consider using a credit card rather than a debit card for online transactions, as credit cards typically offer better fraud protection.

The Role Of football Clubs

Football clubs also have a significant role to play in protecting their fans. They must ensure that their websites, apps, and online platforms are secure and regularly updated to protect against the latest cyber threats. This includes using secure payment gateways and SSL certificates to encrypt data.

Moreover, clubs should educate their fans about the potential risks of cybercrime. Regularly sharing tips on safe online practices and warning about ongoing scams can help fans stay vigilant.

Collaborating with cybersecurity experts to assess and strengthen security measures, particularly with third-party vendors, is also essential.

Both fans and clubs must be proactive in protecting against the growing threat of cybercrime. By staying informed, adopting best practices, and ensuring that all links in the security chain are strong - from the clubs to their vendors - football can remain a safe and enjoyable experience for everyone involved.

Spencer Starkey is VP EMEA of SonicWall 

Image: Jannik

You Might Also Read: 

Major Sporting Events Are Open Targets:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Managing Zero-Day Vulnerabilities In The Real World
British NHS Hospitals Under Attack »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

PFP Cybersecurity

PFP Cybersecurity

PFP provides a SaaS solution for life-cycle protection based on our IoT security platform and power usage analytics.

Perspective Risk

Perspective Risk

Perspective Risk provides penetration testing, security assessments, risk management & compliance solutions, InfoSec training and consultancy services.

Digital Defense Inc (DDI)

Digital Defense Inc (DDI)

DDI offers vulnerability scanning, penetration testing, web application testing, social engineering and additional security assessments.

Invensis Learning

Invensis Learning

Invensis Learning is a professional training and certification company providing IT Service Management, IT Security & Governance, DevOps, Cloud Computing and Digital Awareness training.

FFRI Security

FFRI Security

FFRI is committed to research and development of preventing the most advanced cyber-attacks and breaches.

DataDome

DataDome

DataDome offers real-time AI protection against all OWASP automated threats, including credential stuffing, layer 7 DDoS attacks, SQL injection & intensive scraping.

AU10TIX

AU10TIX

AU10TIX’s smart forensic-level ID authentication technology links physical and digital identities, meets compliance mandates, and ensures your customers know their trust and safety come first.

Haven Group

Haven Group

Haven Group and its companies are a cyber security one-stop-shop for our clients offering a full range of cyber security services to our clients in a unified and united way.

Blue Cedar

Blue Cedar

Blue Cedar's mobile app security integration platform secures and accelerates mobile app deployment for enterprises and government organizations around the world.

Soliton

Soliton

Soliton is a leading Japanese technology company and a pioneer in IT security solutions for protecting company resources and data from external IT security threats.

Mobileum

Mobileum

Mobileum is a leading provider of Telecom analytics for roaming, security and risk management and end-to-end domestic and roaming testing solutions.

Global Resilience Federation (GRF)

Global Resilience Federation (GRF)

GRF builds, develops and connects security information sharing communities for mutual defense.

Allure Security

Allure Security

Allure Security AI-driven brand protection scans more of the online world for faster, more accurate detection & removal of spoof websites, social media & mobile apps -- before customers fall victim.

Emircom

Emircom

Emircom is one of the Middle East's leading independent providers of IT infrastructure services, helping clients to drive growth and deliver measurable outcomes.

USX Cyber

USX Cyber

USX Cyber was founded on the idea that small and medium businesses deserve and require the same level and sophistication of cyber protection as large enterprises.

Fusion5

Fusion5

Fusion5 is a leading ANZ Business Services and IT Solutions provider. Our customers trust us to make their potential reality by providing advisory, IT project deployment, and managed services.