The 2016 European Championship Will Also Become a Target of Cyberattacks

Since the beginning of the Internet, all major sporting events have been targeted by cyberattacks. Considering that hundreds of thousands of fans, sponsors, and public institutions are involved in global competitions, it is clear that cybercriminals seek to exploit the excitement, enthusiastic participation, and—perhaps most importantly—the growing dependence on technology. Undoubtedly, the 2016 European Championship will also become a target of cyberattacks.

Looking back, during the 2008 Beijing Olympics, organizers were subjected to more than 12 million cyberattacks per day. Online ticket fraud and the rise of fake ticket websites resulted in millions of dollars in losses.

By 2010, cyberattacks had become commonplace at major sporting events. During the FIFA World Cup, spam SMS and email campaigns were widespread. For example, during the 2010 World Cup, an email promoting a fake contest called “Final Draw” with a $550,000 prize circulated, encouraging victims to share personal information supposedly to transfer money.

During the 2012 London Olympics, cybersecurity teams were formed to protect the event. They guarded against at least one hacking attempt per day, handled up to 11,000 malicious requests per second, and blocked 212 million malicious connection attempts. Nevertheless, not all attacks were prevented. For instance, a spam wave claimed that recipients had won a “2012 London Olympics Draw” and urged them to call a phone number, respond to a malicious email, and disclose personal data. In another case, attackers posed as ticket providers, tricking fans and stealing their bank card data.

At the 2014 World Cup, the variety and severity of cybercrime increased significantly. Both the Brazilian government and the organizing committee were targeted by hackers—data was exfiltrated from Foreign Ministry systems. Simultaneously, DDoS attacks rendered internal systems temporarily inaccessible. In addition, attackers used various techniques—from malware to phishing—to steal personal and financial data via phishing websites, search engines, spam emails, and even fake applications.

These past experiences clearly show that the 2016 European Championship will likely face similar attack threats.

Some common types of cyberattacks expected during major sporting events include:

DDoS Attacks: Aimed at damaging the organizers’ reputation and causing financial harm, including targeting points of sale. Recall the recent DDoS attack in Turkey that disabled even POS and banking systems. In recent years, DDoS attacks have grown significantly in size and complexity.

Malware Attacks: Fans and organizers are both potential targets. Unsuspecting users may download malware from spoofed websites or spam emails. For example, during the Pan American Games in the Dominican Republic, malware was used to compromise internal networks, preventing current scores from reaching fans and media.

Credit Card Skimming: Given the abundance of shopping opportunities at event venues, attackers frequently use skimming devices attached to POS terminals or ATMs to steal card data and funds.

Ticket Fraud: Includes fraudulent online ticket sales or tickets that are never delivered. A striking example from the 2008 Beijing Olympics involved a professional-looking “Beijing 2008 Ticketing” website operated by the U.S.-based Xclusive Leisure and Hospitality, which sold over $50 million worth of fake tickets.

Phishing Attacks: Phishing surges are common during major sporting events. Before the last World Cup, spam increased by over 40%, and more than 4,000 phishing sites were detected. Attackers use these to harvest personal information.

Rogue Wi‑Fi Networks: Attackers may break into legitimate Wi‑Fi configurations or set up rogue public access points. When users connect, their traffic can be intercepted—enabling credentials like usernames and passwords to be stolen.

Social Engineering / Impersonation: These attacks often take the form of emails appearing to come from event organizers, offering “free tickets” or exclusive access, designed to trick recipients into revealing personal information.

What can be done to stay protected?

Stay on official organizer websites when purchasing tickets. Bookmark licensed, official sites to reduce the risk of visiting fraudulent addresses.

Be skeptical of overly attractive offers—they often conceal personal or financial data-stealing intents. If something seems too good to be true, it probably is. Always verify any offer, regardless of origin—especially on social media. If your account is compromised, your followers and friends may also be at risk.

Use a comprehensive network security solution that protects against web-based attacks. Don’t forget to secure mobile devices—if you can access vulnerabilities freely, so can attackers.

Avoid public Wi‑Fi; connect through your mobile operator’s network whenever possible.

Deploy enterprise-grade anti‑DDoS inspection in front of your service servers.

Ensure you have an Incident Response Team ready at the organizational level to act swiftly in case of a cyberattack.