The FIFA World Cup has drawn a global audience, attracting both criminals and their victims. Football fans are being targeted with APT campaigns, phishing, DDoS attacks, identity theft, and crypto fraud. Let us take a look at the various kinds of threats and their impact on organizations and audiences.

Fake Hayya cards

A Hayya card is a mandatory, personal document required to attend the FIFA World Cup matches in Qatar. Due to the significance of these documents, threat actors have started forging them and selling them to unsuspecting targets.
  • Researchers detected 90 possibly infected Hayya accounts. 
  • They found multiple Telegram channels selling Hayya cards for $50 to $150. 
  • Furthermore, the scammers got access to the buyers’ IDs, including passports. In addition to this, payment is accepted only in Bitcoins.

Fake cryptocurrency

  • Crypto[.]com is an official FIFA sponsor and Binance has partnered with Christian Ronaldo for the promotion of football-related NFTs. 
  • Threat actors are taking advantage of this and selling fake World Cup-themed cryptocoins and tokens. 

Cashing stolen credit cards

  • Cybercriminals are selling stolen credit card details to conduct unauthorized transactions.
  • Moreover, they have been offering cashing out services from these stolen cards and using prepaid gift cards to hide tracks. 
  • Researchers anticipate that carding groups will use FIFA-themed fake websites to pilfer card details from victims.

Phishing attacks and scams

Phishing attacks against victims in the Middle East spiked 100% last month, reported Trellix. 
  • Scammers have set up fake streaming sites and lottery schemes to harvest personal information and steal money from people looking to buy merchandise or tickets online. 
  • A sophisticated third-party ad fraud campaign was found using the official website of FC Barcelona to direct traffic to a possibly fraudulent iGaming website.

The bottom line

FIFA World Cup 2022 scams have been ongoing for a year now, and with the matches already here, threat actors are burning the midnight oil. Fans are recommended to avoid clicking on links in emails from unknown sources and organizations are recommended to implement real-time monitoring and disruption on phishing sites, fake social media pages, and fraudulent apps.
Cyware Publisher