Scammers Are Targeting World Cup Viewers and Workers

Goalkeepers and defenders aren’t the only ones getting tricked up at this year’s World Cup. New researcher shows some of the event’s estimated one million attendees and over 1 billion worldwide viewers are being targeted by scammers hoping to cash in on this year’s record viewership.

Cybersecurity researchers from the firm Group-IB say they detected more than 16,000 scam domain sites, dozens of fake social media advertisements, and more than 90 potentially compromised accounts on FIFA’s official World Cup 2022 fan portals. All of those efforts had one shared goal: steal money and personal information from unsuspecting soccer fans.

In some instances, attackers created fake merchandise websites where they are able to collect fans’ payment information. The scammers reportedly placed more than 130 fake advertisements on social media marketplaces in order to drive traffic to those malicious merch sites. When they arrived at the site, fans thought they were buying branded t-shirts from their favorite teams. In reality, they were either directly paying the scammers or handing over their credit card numbers. To carry out the attacks, they used well known information stealing malware called Redline and Erbium.

Worse still, the researchers say they identified around 90 potentially compromised accounts on Qatar 2022’s official Fan ID portal Hayya. FIFA did not immediately respond to Gizmodo’s request for comment.

“Threat actors have a track record of trying to cash in on major events, especially those in the sporting world,” Group-IB’s Head of Digital Risk Protection Analytics Team, Sharef Hlal said.

Tickets for the game are hard to come by with some of the event’s fanciest seats selling for upwards of $30,000. That high demand makes the allure of potential tickets a hot spot for phishing scams. In this case, the Group-IB researchers said they tracked more than five websites and more than 50 social media accounts that engaged in phishing campaigns where they tricked users into believing they were purchasing tickets. The fake social media accounts would direct users to chats with scammers on WhatsApp and Facebook Messenger which, after some back and forth, would eventually end up in users forfeiting their personal information.

Some scammers took their efforts a step further, even going as far as to develop and publish roughly 40 fake applications on the Google Play store utilizing FIFA’s official World Cup branding. In these cases, once again, the enticing promise of tickets are used as bait to lure fans in.

Fans weren’t the only ones targeted. Group-IB says it identified multiple fake phishing websites which target workers vying for a job at the tournament. In these cases, scammers generally phished for workers’s personal data, possibly to be used in future attacks, rather than their credit cards.

Group-IB, which began tracking some of the websites starting in September, said it shared its findings with the international crime fighting agency Interpol. The researchers cautioned World Cup fans to remain “extra vigilant” and double check they are actually accessing official tournament websites and social media accounts before handing over any payment details. 

The scams come during some one of the tournament’s most historic, and controversial, games in recent memory. Last week, the match taking place between England and the United States drew record viewership with Fox Sports drawing a television audience of nearly 15.4 million people according to Bloomberg. All those eyeballs translate to more potential attack vectors from scammers looking to make an easy buck off the impassioned fans. 

“The aim of this research was to raise awareness of the multiple different types of scams that users may be confronted with throughout the World Cup,” Hlal said. “We urge internet users to be on high alert and double check any domain that they encounter on social media or through messengers.” 

Goalkeepers and defenders aren’t the only ones getting tricked up at this year’s World Cup. New researcher shows some of the event’s estimated one million attendees and over 1 billion worldwide viewers are being targeted by scammers hoping to cash in on this year’s record viewership.

Cybersecurity researchers from the firm Group-IB say they detected more than 16,000 scam domain sites, dozens of fake social media advertisements, and more than 90 potentially compromised accounts on FIFA’s official World Cup 2022 fan portals. All of those efforts had one shared goal: steal money and personal information from unsuspecting soccer fans.

In some instances, attackers created fake merchandise websites where they are able to collect fans’ payment information. The scammers reportedly placed more than 130 fake advertisements on social media marketplaces in order to drive traffic to those malicious merch sites. When they arrived at the site, fans thought they were buying branded t-shirts from their favorite teams. In reality, they were either directly paying the scammers or handing over their credit card numbers. To carry out the attacks, they used well known information stealing malware called Redline and Erbium.

Worse still, the researchers say they identified around 90 potentially compromised accounts on Qatar 2022’s official Fan ID portal Hayya. FIFA did not immediately respond to Gizmodo’s request for comment.

“Threat actors have a track record of trying to cash in on major events, especially those in the sporting world,” Group-IB’s Head of Digital Risk Protection Analytics Team, Sharef Hlal said.

Tickets for the game are hard to come by with some of the event’s fanciest seats selling for upwards of $30,000. That high demand makes the allure of potential tickets a hot spot for phishing scams. In this case, the Group-IB researchers said they tracked more than five websites and more than 50 social media accounts that engaged in phishing campaigns where they tricked users into believing they were purchasing tickets. The fake social media accounts would direct users to chats with scammers on WhatsApp and Facebook Messenger which, after some back and forth, would eventually end up in users forfeiting their personal information.

Some scammers took their efforts a step further, even going as far as to develop and publish roughly 40 fake applications on the Google Play store utilizing FIFA’s official World Cup branding. In these cases, once again, the enticing promise of tickets are used as bait to lure fans in.

Fans weren’t the only ones targeted. Group-IB says it identified multiple fake phishing websites which target workers vying for a job at the tournament. In these cases, scammers generally phished for workers’s personal data, possibly to be used in future attacks, rather than their credit cards.

Group-IB, which began tracking some of the websites starting in September, said it shared its findings with the international crime fighting agency Interpol. The researchers cautioned World Cup fans to remain “extra vigilant” and double check they are actually accessing official tournament websites and social media accounts before handing over any payment details. 

The scams come during some one of the tournament’s most historic, and controversial, games in recent memory. Last week, the match taking place between England and the United States drew record viewership with Fox Sports drawing a television audience of nearly 15.4 million people according to Bloomberg. All those eyeballs translate to more potential attack vectors from scammers looking to make an easy buck off the impassioned fans. 

“The aim of this research was to raise awareness of the multiple different types of scams that users may be confronted with throughout the World Cup,” Hlal said. “We urge internet users to be on high alert and double check any domain that they encounter on social media or through messengers.”