Avast researchers have observed a significant increase in blocked URL attacks on match days as viewers search for free streaming platforms.

Jan,* an Avast threat researcher, is a huge football fan (soccer, to any Americans reading), and he’s always trying to find ways to stream games that are airing outside of his native Czech Republic. But during the first matches of the UEFA Champions League — the last match of which airs on June 10 — he was surprised by how many warnings were popping up from his Avast cybersecurity. Curious about what might be happening, he decided to take a closer look.  

He found he wasn’t the only one. Football fans across Europe have already been targeted on match days — especially around kickoff — showing drastic increases in blocked cyberattacks. 

“As we know, cybercriminals capitalize on human emotions — and the desire of fans to watch their team play in the Champions League is a strong one,” says David Jursa, Avast Malware Analysis Lead. “Unfortunately, criminals often use promises of free streaming as a lure and pepper popup ads, phishing sites, malvertising, and other scams throughout a stream to get access to peoples’ personal data and devices.”  

Risky streaming business  

Fans are rightfully excited about watching their teams compete in Europe’s elite competition and are often willing to dig deep into the depths of the internet to stream matches for free. Unfortunately, this behavior comes with a price. Anyone who has tried to search terms such as “Stream Inter Milan vs. Manchester City for Free” knows the hoops people jump through to get to such games: Usually the free streaming links don’t show up on the first pages of search results but rather far in the search queue.   

In the majority of cases, those free links lead only to malware, without even a free video stream. A common journey for this infection starts with a page that displays a fake request to download a required video software in order to start streaming (spoiler alert: it’s a malware package and there will be no stream after its installation), or it may request your personal details (email address, telephone number, and so on) in order to start playing (spoiler alert: the same conclusion).  

Even when users eventually find a free stream, they will often notice layers of popups in front of the video content that need to be clicked on to be removed. These popups contain great offers and advertisements which are often phishing scams and malvertising — clicking on these links can result in devices being infected, user data being stolen, and sometimes worse, including financial loss and identity theft.  

Dangerous data  

Avast Researchers noticed spikes in blocked URL attacks during matches of the 2022-2023 UEFA Champions League season. To better understand the interactions between visitors and malicious sites, they looked at blocked URLs on a global scale and then the five major football countries in Europe: Spain, Italy, United Kingdom, Germany, and France.   

The data was clear: Not only was there a significant increase in blocked URL attacks on match days (compared to days in which there was no major football match), but spikes in blocks can be seen almost exactly at the time of kickoff. Globally, Avast saw an increase of over 45% in attacks during Champions League matches.   

When looking at the country level, some fans seem to have riskier streaming habits than others, with Spanish viewers having the highest risk with an increase in attacks during matches of over 154%. In the spirit of competition, Avast ranked the markets from safest to most dangerous viewing behaviors:  

1. Germany (35%)  
2. United Kingdom (39%)  
3. Italy (67%)  
4. France (93%)  
5. Spain (154%)  

3 tips to watch safely  

1. Choose an authorized viewing method. We know, this often means paying! The only way to ensure you are viewing content safely is to watch via official sites. If paying to stream isn’t an option, local restaurants and pubs often show the game live.  
2. Think before you click. It’s easy to quickly click through the internet, but it’s one of the fastest ways to get yourself in trouble. If you think you’re safe but start to see suspicious content and popups, slow down, and make sure not to click any links.  
3. Always use security software. If you venture into areas of the internet that you’re not sure are safe or not, the best thing you can do is have security software on your machine to help guide you. In case malicious URLs or sites are on your search journey, the right software will help block the dangerous popups and sites before they can cause serious harm.   

Avast is part of Gen™, a global company powering Digital Freedom with a family of consumer brands around the globe. 

*Not his real name — Avast security researchers are serious about privacy.