The mega football event in Qatar appears to have been exposed to cyber hackers, according to a recent survey called “FIFA World Cup Qatar 2022 Cyber Threat Landscape” by CloudSEK, an AI-based cyber security company.
Threat actors are piggybacking on the hype created by Crypto.com as official FIFA sponsor and Cristiano Ronaldo partner Binance is promoting soccer-themed non-fungible tokens (NFTs). Now these threat actors are selling fake “World Cup Coin” and “World Cup Token” by marketing them as limited edition cryptocurrency.
“However, most of these purported coins do not exist. Yet, the promise of high returns and the novelty factor entice crypto investors, enthusiasts and collectors to fall for these scams,” the report said.
Phishing and fraud with ticket sales during the FIFA World Cup
Due to the popularity of the FIFA World Cup, tickets are in high demand. Fraudsters have set up websites selling fraudulent tickets to take advantage of this mismatch between supply and demand.
According to the CloudSEK report, the phishing sites ask users to register, and after collecting PII, it redirects users to a payment page. After the payment is successful, the users do not receive the tickets. In some cases, even the payment gateway is fake and designed to steal banking information.
“Threat actors use techniques such as fast flux, botnets and reverse tunnel services to ensure that the fake pages are not detected and removed. There are even Telegram channels that claim to provide ticket availability checking services. They then notify users when tickets are available, and asking them to list phishing domains to book tickets, the report said.
Here are some of the recommendations for FIFA fans from the CloudSEK report
– Buy FIFA tickets and Hayya card only from the official website.
– Validate the legitimacy of cryptocurrencies before investing in them.
– Do not use FIFA-related services from Telegram or social media.
– Do not share your PII or banking information with unknown people or websites.
– Do not install applications shared via Telegram, social media or from third-party app stores.
– Review permissions that apps request and disable permissions that are not necessary for the app’s functionality.
– Be careful with schemes that seem too good to be true.