Connect with us

Hi, what are you looking for?

HEADLINES

Top 5 schemes cybercriminals are running amid the biggest sport event

To get a better overview of how scammers are trying to monetize football fans’ interest, Kaspersky experts have analyzed World Cup-related phishing websites from around the globe designed to steal users’ identifying and banking data.

The FIFA World Cup Qatar 2022™ is the most awaited sports event of 2022 for football fans and kicks off on November 20. As well as exciting hundreds of millions of fans worldwide, it’s also attracted the interest of cybercriminals looking to make a fast buck.  

To get a better overview of how scammers are trying to monetize football fans’ interest, Kaspersky experts have analyzed World Cup-related phishing websites from around the globe designed to steal users’ identifying and banking data. Kaspersky researchers have found fake pages offering everything from tickets or event merch, to match streaming services, plus numerous giveaways and NFT scams exploiting the World Cup.

Ticketing scams

As with all major global sports events, fake tickets are the spread bait most used to lure victims and this World Cup is no exception. Additionally, Qatar 2022 is only offering digital tickets, increasing the risk of running into malicious resources. Kaspersky experts discovered numerous phishing pages offering to buy tickets for FIFA matches. Needless to say, users will lose personal data, banking details, and money. Additionally, scammers may start also using the stolen data for other purposes or sell it on the Dark Web.   

Advertisement. Scroll to continue reading.

An example of a phishing page

Gifts

No big public event is complete without fraudsters imitating extremely generous giveaways. Kaspersky experts also found phishing pages offering to win two tickets to the World Cup. This is quite popular where usually each user becomes a ‘lucky’ winner; with the chosen ones only needing to pay a delivery fee. 

Merchandise 

Another way to steal users’ data is via fake FIFA-related merchandise stores. While the offer of a T-shirt of your favorite team, phone cases with popular players, or signed soccer balls sounds good, after entering your data and transferring money to make a purchase, fans lose their cash to fraudsters instead.

Crypto and NFT frauds

Advertisement. Scroll to continue reading.

A distinctive feature of the threat landscape on the eve of the 2022 World Cup has been the active spread of various crypto scams, mostly exploiting the popularity of NFTs. Some offer to make a bet on a match and win cryptocurrency, others to win worldwide related NFT art. All the user needs to do is to enter crypto wallet credentials, so the ‘prize’ transfers directly. In such scenario, scammers gain access to all savings and related wallet data.

An example of the World Cup related crypto scam

Another scheme is crypto investment fraud is a bright example of a dubious investment. Fraudsters actively create real coins and convince a user to invest in it while promising the victim potential currency growth. In real life, such initiatives are almost never a success as users have spent money on something that will never develop. 

An example of the World Cup related NFT scam

Flights and accommodations 

Pandemic imposed limitations will also see the 2022 World Cup stage many offline events with live viewers, involving thousands of tourists in Qatar – something scammers have not missed. Kaspersky experts have observed numerous phishing pages imitating airline services offering tickets to Doha. The analyzed web page shows all the classic signs of scam – nice appearance, wrong spelling, freshly registered domain, and limited functionality of the site. Although the site mimics a global airfare aggregator, the user can only choose Qatar in the list of destination countries. Once flight details are entered, the victim is offered the chance to enter personal data along with ID and credit information.

An example of a phishing page offering to buy a plane ticket


“Major sport events always attract the attention of cybercriminals. With this World Cup, scammers got very creative, as we have observed a variety of fraudulent schemes employed. We see how they are trying to benefit most from the situation and exploit as many trendy topics as possible, including a growing number of NFT scams related to the World Cup. At the same time, there are many so-called traditional scams out there from giveaways and fake tickets to merch stores. These schemes are simple, yet, effective and is why such fraudulent pages are eternal companions of big events. We encourage users to be attentive when they receive offers that seem too good to be true and carefully check the validity of the messages they receive,” comments Olga Svistunova, a security expert at Kaspersky.

Advertisement. Scroll to continue reading.

To avoid falling victim to a scam, Kaspersky advises users to: 

  • It will be safe to check the link before clicking. Hover over it to preview the URL, and look for misspellings or other irregularities  Check the sender’s address. Most spam comes from email addresses that don’t make sense or appear as gibberish – for example, amazondeals@tX94002222aitx2.com or similar. By hovering over the sender’s name, which itself may be spelled oddly, you can see the full email address. If you’re not sure if an email address is legitimate or not, you can put it into a search engine to check.  
  • It’s better not to follow links from emails at all. Instead, you can open a new tab or window and enter the URL of your bank or other destination manually.
  • Consider what kind of information is being requested. Legitimate companies don’t contact you out of the blue via unsolicited emails to ask you for personal information such as banking or credit card details, social security number etc. In general, unsolicited messages telling you to ‘verify account details’ or ‘update your account information should be treated with caution.  
  • Use a reliable security solution, such as Kaspersky, that identifies malicious attachments and blocks phishing sites.
  • Be wary if the message is creating a sense of urgency. Spammers often try to apply pressure by creating a sense of urgency. For example, the subject line may contain words like “urgent” or “immediate action required” – to pressure you into acting.  
  • Grammar and spelling check is the effective way to identify a scammer. Typos and bad grammar are red flags. So too are odd phrasing or unusual syntax, which might result from the email being translated back and forth through translator several times.  

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

ELECTRONICS

Philips EasyKey partnered with Megaworld and equipped their world-class properties with only the best-in-class smart locks we have on offer, the Philips EasyKey 9300.

HEADLINES

The PLDT wireless unit is also calling on customers to report these messages to Smart’s HULISCAM portal for further action.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

HEADLINES

While only 21% of hackers believed that AI technologies enhance the value of hacking in 2023, 71% reported it to have value in 2024....

Advertisement