Group-IB found 40 malicious apps, over 50 social media accounts and 130 pages, advertisements, and more than 16,000 domains designed to scam users.
Amidst the 2022 FIFA World Cup, possibly the biggest spectacle of the year, one would expect malicious actors to try to scam their way into people’s bank accounts or obtain personal information for further attacks. Group-IB has identified four such scams prevalent on the web as the tournament enters the knockout stages.
With an expected viewership of 1.08 billion, 51% of whom said they would follow the event on the internet, the 2022 edition of the FIFA World Cup presents an ocean of targets to exploit. Security firm Group-IB discovered that threat actors are deceiving unwitting fans into revealing personal information or financially duping them through ticketing, merchandising, or work-related lures.
Group-IB found 90 potentially compromised accounts on Hayya, the World Cup’s official fan portal for keeping track of match schedules and free metro access for transit. The company also came across 40 malicious apps, over 50 social media accounts and 130 social media pages, advertisements, and more than 16,000 domains designed to scam users.
Roger Grimes, data-driven defense evangelist at KnowBe4, told Spiceworks, “Any large newsworthy event becomes a beacon for phishing scammers and hackers. The best way to defend yourself is to train yourself and your co-workers in how to recognize scams.”
The bad guys have created more than 50 social media pages and five websites that mention the words “FIFA,” “World Cup,” and “tickets.” Users are coaxed into carrying out a transaction through a payment portal or sharing their credit card information in exchange for (fake) tickets.
While the websites need to look convincing, scammers use the social media pages to move the conversation to WhatsApp or Facebook Messenger, where users are pressured to purchase fake tickets.
Social Media Page Selling Fake FIFA World Cup Tickets | Source: Group-IB
The 40 applications, all available on the Google Play Store, are designed to carry out more or less similar fake-ticket activities.
Besides tickets, threat actors are also exploiting the high demand for branded merchandise of participating teams by setting up a fake website that sells said merchandise along with as many as 130 pages on social media to direct traffic. Like tickets, users who submit credit card or banking details or pay through other means will never receive what they paid for.
Scammers are using fake survey forms to collect users' personal information. Users are beguiled into filling out the survey, disguised as a form from a Qatari petrochemical company or multiple other World Cup-associated brands, in exchange for a FIFA World Cup celebration gift.
Threat actors also ask users to share the link with 20 to 30 of their contacts or five to 10 groups they may be a part of.
Through the survey, the bad guys ask for full names, emails, home addresses, and phone numbers, which can then be used for personalized phishing attacks intended for financial crimes or malware distribution.
There are five scam websites that purportedly give employment to job seekers in Qatar during the World Cup. These websites use the words “job,” “Qatar,” and the official event logo to lend themselves credibility.
Scam websites offering non-existent jobs in Qatar, like surveys, serve as a means to collect preliminary user data, used to socially engineer future financial fraud or other cyberattacks. Nearly 30 social media pages feed user traffic to these scam job websites.
“The two biggest signs of any social engineering scam is a message that arrives unexpectedly and is asking the receiver to do something they have never done before, at least for that sender. Any message with those two traits should be carefully researched to confirm their legitimacy before performing the requested actions. This needs to be the default behavior for anyone,” Grimes added.
To avoid becoming a phishing target, check the structure and language of any email or message: spelling errors; how the recipient is addressed; whether it conveys urgency to act; slight changes in the domain of any link or in the sender's email address, such as similar-looking characters or symbols (for instance, a capital I in place of a lowercase l); and whether it carries any attachments.
“And it doesn’t just apply to the World Cup. It should apply to everything every day.”
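The look-alike domain check described above can be automated for links arriving in mail or chat. The following Python sketch is an added example, not code from Group-IB or the article; the trusted domains, the sample URLs and the small confusables table are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist for this example; replace with domains you actually trust.
TRUSTED = {"worldcup-tickets.example", "fanportal.example"}

# Small illustrative confusables table (assumption: not exhaustive;
# Unicode TS #39 publishes a complete one).
FOLD = str.maketrans({
    "i": "l", "1": "l",                            # capital I lowercases to i, so I/i/l/1 fold together
    "0": "o",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic letters that render like a, e, o
    "\u0440": "p", "\u0441": "c", "\u0456": "l",   # Cyrillic letters that render like p, c, i
})

def skeleton(host):
    """Reduce a hostname to a form in which visually similar spellings collide."""
    s = unicodedata.normalize("NFKC", host).lower().translate(FOLD)
    return s.replace("rn", "m").replace("vv", "w")

TRUSTED_SKELETONS = {skeleton(d): d for d in TRUSTED}

def classify(url):
    """Return ("trusted" | "lookalike" | "unknown", matched trusted domain or None)."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if "xn--" in host:                             # punycode: compare what the user would see
        try:
            host = host.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    if host.startswith("www."):
        host = host[4:]
    if host in TRUSTED:
        return ("trusted", host)
    match = TRUSTED_SKELETONS.get(skeleton(host))
    if match:
        return ("lookalike", match)                # same appearance, different name
    return ("unknown", None)

if __name__ == "__main__":
    for u in ("https://worldcup-tickets.example/buy",     # constructed samples
              "https://worIdcup-tickets.example/buy",     # capital I in place of l
              "http://www.fanp0rtal.example/login",       # zero in place of o
              "https://news.example/story"):
        print(u, classify(u))
```

An "unknown" verdict only means the host does not imitate an allowlisted name; it says nothing about whether the site is legitimate.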
Asst. Editor, Spiceworks Ziff Davis