Wave of cyber-enabled scams targets FIFA World Cup fans

As the global tournament enters its second full week in Qatar, FIFA World Cup scams are proliferating as cybercriminals aim to score big from unsuspecting fans, according to data collected by cybersecurity firm Group-IB.

As widely expected ahead of the games, scammers have set up a variety of ways to harvest personal information and steal money from people trying to buy merchandise or tickets online or searching for on-site work during the games, the researchers found.

Researchers said Tuesday they've identified as many as 90 potentially compromised accounts on Hayya, the mandatory system established so World Cup attendees can enter Qatar and access tickets and other services such as transportation.

The researchers observed the attackers using info-stealing malware such as Redline and Erbium to carry out their World Cup scams.

The researchers also identified fake merchandise and ticket websites used to steal money directly or swipe banking credentials. They also uncovered roughly 40 fake apps in the Google Play Store promising access to tickets, and at least five websites purporting to be job application forms used to harvest personal information.

A scam FIFA World Cup 2022 merchandise site. (Group-IB)

In another instance, scammers impersonated an unnamed “leading Qatari petrochemical company” to goad users into filling out a survey — which asks for a range of personal information — on the chance they’ll receive a prize. Those users are then asked to share the link to the scam survey via WhatsApp to between five and 10 groups or 20 to 30 contacts.

The company shared its findings with Interpol and, with respect to the compromised fan portal accounts, the Qatar Computer Emergency Response Team.

Group-IB researchers detected more than 16,000 scam domains in the run-up to the tournament, the company said Tuesday, along with “dozens” of fake social media accounts, advertisements and mobile apps targeting World Cup fans and attendees. Those findings line up with data collected by other firms, including Kaspersky and Trellix, which reported Nov. 17 a 100 percent increase in the volume of malicious emails in Arab countries from September to October.

Trellix researchers reported a range of malware families used as part of the various scams, including Qakbot, Emotet, Formbook, Remcos and QuadAgent.

World Cup 2022 cyber scams have been ongoing for at least a year. In November 2021, researchers with Kaspersky reported on roughly 11,000 scam emails detected at that point related to invites to bid on providing services for the event, or event giveaways, CNET reported at the time.

Source: CyberScoop