hometechnology NewsFIFA World Cup: Several online scams target fans — here is how you can protect yourself

FIFA World Cup: Several online scams target fans — here is how you can protect yourself

A number of initial coin offerings (ICOs) have appeared alongside these new cryptocurrencies and tokens (ICOs). The popularity of cryptocurrencies has increased dramatically since they were first introduced and is continuously rising.

Profile image

By Pihu Yadav  Nov 28, 2022 4:11:14 PM IST (Published)

Listen to the Article(6 Minutes)
7 Min Read
FIFA World Cup: Several online scams target fans — here is how you can protect yourself
The FIFA World Cup 2022 is underway and with it, several online scams have kicked off. The World Cup is one of the most-watched sports events globally and an event with this level of popularity and interest also attracts fraudsters and cybercriminals looking to capitalise on fans’ excitement.

Email security researchers from the Trellix Advanced Research Center have found attackers to be leveraging FIFA and football-based campaigns to target organisations in Arab countries. It is a common practice for attackers to utilise important/popular events as a part of their social engineering tactics and particularly target the organisations which are related to the event and more promising victims for the attack.
The volume of malicious emails in Arab Countries was observed to have increased by 100 percent in the month of October. As the host country and the affiliated organisations prepare for the event, attackers take advantage of employees’ busy schedules which increases the chances of human error and victims interacting with the attack vector. The aim of such attacks can be variable like financial fraud, credential harvesting, data exfiltration, surveillance, or damage to the country’s/organisation’s reputation.
Another report by cybersecurity firm, Technisanct, suggests that fraudsters have been using several online scams — lottery, giveaway, betting, etc — to lure users around the world.
Cyber criminals lull victims into thinking they have won cash, a ticket, or a hospitality package to attend a game. The true objective, though, is often the same to persuade you to part with your money or personal information or to accidentally download malware onto your device that will steal your data. 
“Typically, the data gathered through these phishing scams is either sold to third parties or used to create customised schemes (potentially, cyber criminals). However, emails with subject lines like "2022 FIFA Lottery Award" may also ask recipients to conduct financial transactions (such as paying taxes or transactions, storage, shipping, or other costs) in order to claim the fictitious rewards. The fake money may be requested to be transferred through dubious payment gateways that pose as phishing websites, according to scammers. As a result, the financial information entered into them—such as online bank IDs, usernames, passwords, banking account information, credit card numbers, etc—is made available to cyber criminals,” the report said.
Similarly, these cyber criminals also use giveaways as a means to get information from users. “The catch is that you have to send a particular amount of bitcoin to a giveaway address in order to enter the giveaway, validate your wallet address, and claim your half of the giveaway. When a victim sends money to the scammer's address, there is nothing anyone can do to retrieve it and the scammer has profited because bitcoin transactions are irreversible,” Technisanct added.
There are also many fake sports betting websites and apps available on the internet. These might look like regular betting platforms but they restrict you from withdrawing any money even if you have won. Technisanct says that these restrictions can look like sluggish payment processing, technical difficulties, and even untrue accusations saying that they didn't receive your initial deposit. The platforms can also prevent you from withdrawing any of your earnings unless you make yet another deposit.
A number of initial coin offerings (ICOs) have appeared alongside these new cryptocurrencies and tokens (ICOs). The popularity of cryptocurrencies has increased dramatically since they were first introduced and is continuously rising. Investors have shown that they are willing to spend money on highly speculative cryptocurrencies despite the fact that these digital currencies are highly volatile in nature. Technisant says that although around 20 tokens emerged in the name of the FIFA World Cup, users might be investing in fraudulent tokens and ICOs without even realising it.
CloudSEK, another cybersecurity firm, shared a report that stated that several Telegram channels are offering services to book flights and hotels in Qatar.
Telegram message offering to book hotel and flight tickets to Doha (Image: CloudSEK)
"Carding groups sell stolen credit card details to carry out illegal and unauthorised transactions. They also provide services to cash out money from these cards, using prepaid gift cards, to cover their tracks. Carding groups could be using FIFA-themed fake sites to collect card details from unsuspecting users, and then use them to book hotel and flight tickets," it added.
Telegram channels were found selling Hayya cards for $50 to $150. These cards are essentially permit documents and must be presented along with the original ticket in order to enter the stadium on game day. To create Hayya cards, the threat actors claim to require the buyer’s valid IDs like passports. And the payment is only accepted in Bitcoin. A little sus, don't you think?
(Image: CloudSEK)
"There is also considerable chatter among threat actors, on cybercrime forums, regarding various methods to forge or hack FIFA services. Threat actors are also sharing hacking techniques that purportedly allow one to register for a Hayya card without a valid FIFA ticket number, for free. The technique is based on brute forcing the ticket number based on an alleged ticket number pattern that the threat actor shared: '300 and 4 random digits'," CloudSEK said.
So, how does one protect themself from these scams?
According to McAfee, the most common telltale signs are misspelt words, poor grammar, and a sender email whose email address makes no sense or whose phone number is unknown.
“It's important to realise that these messages can come via a variety of channels, including email, text messages, (also known as smishing) and other messaging channels like WhatsApp and Telegram. No matter what the source is, it’s essential to remain vigilant and pause to think before clicking links or giving out personal or banking information,” the company added.
To be perfectly safe, stick with well-known ticket brokers and those who offer consumer protection. Also, beware of sites that don’t accept debit or credit cards and only accept payment in the form of bitcoin or wire transfers such as the one on the fake ticket site below:
(Image: McAfee)
The red box on the right image shows that the ticket site accepts payment via Bitcoin. 
Other red flags to look out for are websites which ask you to contact them to make payment and the only contact information is via WhatsApp.
On where to stream the World Cup, McAfee advises using a legitimate streaming service. A quick Google of “FIFA World Cup 2022 Official Streaming” along with your country should get you the information you need to safely watch the event through official channels. The official FIFA website itself is also a good source of information. 
Illegal streaming sites usually contain deceptive ads and malware which can cause harm to your device. 
Lastly, remember to not get carried away with excitement and if something sounds too good to be true, it probably is. While it is heartbreaking to watch your favourite team lose, it is worse to lose your money and data with it.

Most Read

Share Market Live

View All
Top GainersTop Losers
CurrencyCommodities
CurrencyPriceChange%Change