The wait is finally over as the Federation Internationale de Football Association (FIFA) World Cup 2022 has just kicked-off in Qatar this week from November 20. However, security experts are warning football fans about a number of online scams including phishing pages impersonating legitimate websites to ticketing scams and counterfeit cryptocurrencies etc., they need to be careful about during the tournament.
Many of these can infect users’ devices with malware, steal passwords to capture online accounts and even drain bank account or crypto wallet.
Security researchers have underscored some of the most popular scams in this FIFA World Cup and have offered tips on how you can avoid falling victim to them.
According to a blog post by security researchers from ESET, scammers are trying to sell fake tickets via email but these messages were actually just phishing attempts. Tickets to a World Cup 2022 match can be had for as little as $11 for group matches or as much as $1,600 for the final, noted the report.
Trellix researchers further noted that these documents also contain an html attachment which redirects the user to a customized phishing page.
At the same time, hackers pretend to be from FIFA teams’ helpdesk, and are sending email that shows a fake alert notification regarding the de-activation of two factor authentication and are redirecting the user to a phishing page, researchers at Trellix said.
Cybercriminals are also using lottery scams to try and trick soccer fans according to ESET. The messages used in these scams aim to convince users that they’ve won a cash prize, ticket or a holiday package to watch the World Cup in person. The real intention, however is to steal personal data, money or trick you into installing malware on your devices.
Fake gifts and merchandise
According to a blog post from Kaspersky, phishing pages offering the chance to win two tickets to the tournament. Like with lottery scams, the ‘lucky’ winner will often have to pay a delivery fee for the tickets which is pocketed by cybercriminals.
Fake FIFA merchandise like T-shirts, caps and coffee mugs with popular players and even signed balls are another way hackers are using conning football fans ahead of World Cup 2022. In this case, they get your personal information like your address along with any money transferred while you get nothing in return.
Trellix researchers found that Snoonu, the official food delivery partner of the World Cup is spoofed, offering fake free tickets to those who register. It contains a malicious xlsm attachment. The usage of such trusted organizations' names and their templates makes the user fall for such attacks easily.
Fake streaming sites
Even users who are not physically travel to Qatar need to be careful when streaming World Cup matches online. Fake streaming sites are often used to spread malware and other viruses which is why you should head directly to our World Cup 2022 live stream hub if you want to watch this year’s matches online, said Trellix researchers.
Crypto and NFT scams
Kaspersky’s researchers have observed plenty of them leading up to this year’s World Cup. While some offer fans the chance to bet on a match and win cryptocurrency, others give them a chance to win an NFT or non-fungible token. The cybercriminals behind these scams have potential victims enter their crypto wallet credentials in order to gain access to all of their funds and wallet data.
Another cryptocurrency scam related to World Cup 2022 saw the creation of a new token called FIFA Inu. However, after launching, its price rose and then suddenly dropped. Still though, its creators have denied any allegations that FIFA Inu was actually a scam.
Kaspersky found fake travel agency sites offering plane tickets to Doha, Qatar. “Internet users need to be wary of fake sites like this because cybercriminals would request to enter personal data and banking information under the pretext of booking a flight ticket,” the research firm said in a blog.
The analysed webpage shows all the classic signs of a scam – nice appearance, wrong spelling, freshly registered domain, and limited functionality of the site. Although the site mimics a global airfare aggregator, the user can only choose Qatar in the list of destination countries. Once flight details are entered, the victim is offered the chance to enter personal data along with ID and credit information.
Tips to stay safe from World Cup 2022 scams
To avoid falling victim to these and other World Cup 2022 scams, users need to carefully examine emails and messages for spelling, grammar and punctuation errors.
It will be safe to check the link before clicking. Hover over it to preview the URL, and look for misspellings or other irregularities. It’s better not to follow links from e-mails at all. Instead, you can open a new tab or window and enter the URL of your bank or other destination manually, said Kaspersky researchers.
Users should note that legitimate companies don’t ask for data such as credit card numbers or passwords to ‘verify your account details’ or ‘update your account information’, said ESET.
To protect your devices and data, you should use those reputed antivirus software solutions in the market.
Using a free public Wi-Fi connection is risky. User data on these networks is unprotected, which makes it vulnerable to cyber criminals, Trellix report said.
Whether you’re traveling to Qatar for a match or streaming World cup matches online with friends or family, it is important to use a trusted VPN connection.