Researchers warn of surge in online scams ahead of FIFA World Cup 2022

With only ten days to go for the FIFA World Cup 2022 in Qatar to begin, online fraudsters are looking to invariably leverage the ‘buzz’ to defraud sports lovers and those looking for information, tickets or news. Researchers from cybersecurity company ESET have warned that scammers continue to explore different types of scams and threats including lottery scams, rogue websites and ticket scams and cryptocurrency scams to target users. 

For example, ESET researchers have detected a number of global phishing campaigns that seek to trick people into thinking that they won a lottery prize. To collect “winnings”, it appears that the user only needs to fill in a few fields via a form and provide personal details, such as your full name, date of birth, and phone number. 

“At some point, the agent will let you know that before you can actually claim your prize, there is some tax or fee to be paid. Once the transfer is completed, the scammers have accomplished their objectives: they’ve stolen your money and personal information for follow-on fraud or in order to sell it to other crooks,” researchers said. 

There are also a more convincing variety of phishing fraud that involves rogue websites posing as the real ones. Links to them are also distributed through spam emails, via fake social media profiles or in discussion forums, said ESET. 

Another cybersecurity firm, Digital Shadows has found 174 malicious domains impersonating official websites belonging to the Qatar World Cup. Among these pages, a notable example was the qatar2022[.]pro impersonating domain – the attackers merely changed the top-level domain (TLD) to deceive users.  

Referring to the qatar2022[.]pro and other similar sites, ESET researchers said that regardless of whether these sites are spitting images of legitimate sites or not, they are designed to steal personal and financial data, login credentials and other sensitive information. Also, messages sent via WhatsApp and involving bogus giveaways, fake social media profiles or even malicious ads that redirect users to rogue websites are coming up frequently among other criminal activity, said ESET. 

Digital Shadows also identified 53 impersonating mobile apps from fraudulent stores over the past 30 days – with some even available on legitimate sites like the Google Play store. 

Cybersecurity firm Avast have also warned users of scams on the FIFA World Cup event this year, on its official blog, listing the most common ones from ticket scams to SEO poisoning, lottery scams, phishing, and malware distribution. 

The key recommendations from researchers include users be alert and avoid downloading apps from third parties and clicking on suspicious links, such as links sent from unknown senders. Users should enable two-factor authentication to ass an extra layer of protection on their device and also use a strong and unique password when creating an online account, and a reliable antivirus or security software to avoid such scams, they said.