Experts Find 16,000+ Scam FIFA World Cup Domains

Written by

Security researchers have warned of a deluge of phishing scams, fake apps and malicious merchandising sites spoofing the branding of the FIFA World Cup in Qatar to target football fans.

Group-IB said it tracked over 16,000 scam domains and 40 malicious apps in the Google Play store that were using FIFA World Cup 2022 branding to lure users.

Scammers are using a range of tactics to part football fans from their money, personal information and credentials.

They’ve launched fake merchandising sites and spoofed ticketing sites designed to harvest money and/or bank details from victims. In both cases, social media marketplace ads and malicious social media accounts help to direct traffic to the fake sites, Group-IB said.

The fake apps are set up to do a similar job – stealing banking and account credentials by promising access to purchase tickets.

In other cases, scam job sites have been set up using the World Cup as a lure to steal victims’ personal data. Group-IB said it spotted at least five of these, using keywords such as “job” and “Qatar,” and driving traffic to the sites from over 30 specially designed social media pages.

Another tactic is to create fake surveys impersonating major brands, as well as the World Cup itself. These promise a gift for filling out the form with personal information and phone numbers. Victims are also often asked to share a link to the scam on WhatsApp, the report claimed.

Group-IB identified more than 16,000 of these fake surveys.

The security company also revealed that over 90 users of the official fan ID app, Hayya, had their accounts hijacked after passwords were lifted via commodity info-stealing malware such as RedLine and Erbium.

“Threat actors have a track record of trying to cash in on major events, especially those in the sporting world,” explained Sharef Hlal, Group-IB’s head of the digital risk protection analytics team in the Middle East and Africa.

“The aim of this research was to raise awareness of the multiple different types of scams that users may be confronted with throughout the World Cup, and we urge internet users to be on high alert and double check any domain that they encounter on social media or through messengers.”

Earlier this month Digital Shadows released research revealing similarly widespread efforts to cash in on the competition via spoofed domains, fake apps and fraudulent social media pages.

Editorial credit icon image: ArifAsif / Shutterstock.com

What’s hot on Infosecurity Magazine?