© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Top FIFA World Cup Qatar 2022 scams to watch out for


Attackers target FIFA World Cup 2022 fans searching for tickets, official merchandise, and temporary jobs in Qatar.

It is estimated that over a billion people will watch the championship, and scammers are eager to capitalize on the tremendous interest in the tournament.

Group-IB has detected over 90 potentially compromised accounts on Qatar 2022’s official Fan ID portal Hayya. Threat actors leveraged info-stealing malware, such as RedLine and Erbium, to steal passwords.

The cybersecurity company also identified four different waves of scam and phishing attacks.

1. Fake merchandise. In one observed scam, fraudsters crafted a fake merchandise website and placed over 130 advertisements on social marketplaces to drive traffic to the website. Scammers pretend to sell branded t-shirts to extract victims’ banking details.

2. Fake tickets. Scammers register fake sites and trick victims into believing they are purchasing official tickets for the game. “Scammers will either receive the funds from the transaction or, in some cases, they steal the bank card details of the user, who will not receive any tickets,” Group-IB said. There are at least 40 fake applications on the Google Play Store. They promise users access to tickets and games but are designed to steal personal and financial information.

3. Attackers are also after job seekers. Group-IB identified five scam websites with keywords such as “job” and “Qatar.” Scammers promote these pages on social media. “This scam campaign is a ploy to steal victims’ data, including their full name, country, phone number, and information about their education.” This information is useful for social engineering attacks.

4. Attackers leverage surveys to extract personal information from victims. Group-IB identified and analyzed more than 16,000 fake surveys impersonating several prominent brands, including thousands that used the branding of the FIFA World Cup in Qatar. Scammers create counterfeit forms and promise respondents to reward them with a gift after they complete the survey.

“To protect themselves from the attacks of scammers throughout the event, users should be extra vigilant and double-check that they are accessing official tournament websites and social media pages before making contact and entering any personal or payment details. Users should also be cautious when following links that allegedly lead to the website of a specific company and check the URL, as scammers frequently use domain names that look similar to existing brand names in order to trick internet users into submitting sensitive data,” Group-IB said.


More from Cybernews:

WhatsApp data leak: 500 million user records for sale

OpZero’s modus operandi: opportunity hunter, front for Kremlin, or both?

RansomExx joins the ranks of ransomware gangs switching to Rust

UK bans Chinese cameras on government sites

Almost a thousand arrested over global $130m cyber fraud

Why individual arrests will not shut down LockBit

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked