Phishing, fake applications... Beware of scams related to the World Cup

     Like all major events, the current World Cup brings with it a slew of scams to trick Internet users. For example, even before the competition began on November 20, researchers at the security firm Group-IB Digital Risk Protection had detected more than 16,000 fraudulent domain names and dozens of fake accounts that appeared on social networks. Ads and applications were even created by scammers.

 

    Similarly, official fan sites have been compromised with nearly a hundred accounts hacked through phishing or malware such as RedLine and Erbium. World Cup or not, the idea of the cybercriminals is still the same: to try to get money from the victims or at least to steal their personal identifiers in order to perform other operations and eventually access their bank accounts.

Here are the top 4 scams around this World Cup 2022

•  Fake websites to sell official jerseys: The creation of fake merchant websites powered by the purchase of advertising space on social networks to generate traffic. The website offers consumers official jerseys of the national teams participating in Qatar 2022, and users are asked to enter their credit card details or transfer money via the payment systems displayed on the fake site in order to purchase a jersey. Then, the bank account is debited and the famous jersey never arrives because it doesn't exist. Even worse, the scammers were able to get their hands on valid bank identifiers.
•  The sale of counterfeit bills: When it's too good, it's shady. Tickets for the major matches at good prices, that's what the crooks offer. Commercial sites of circumstance have been set up since September with the keywords revolving around this competition. Sites whose traffic is driven by the creation of many fake accounts on social networks. Obviously, there are no tickets at the end of the payment, but a bank account and bank data that escape any control. There is also the variant of the mix between social networks and messengers. This is particularly the case with attractive publications, but which only serve as a pretext for the Internet users to go on to direct discussions with the crooks in WhatsApp or Facebook Messenger. This allows them to obtain personal information and money transfers to sell fake tickets quite quickly. In addition, job boards around the competition have also been exposed.
•  Fake applications: There would be about 40 fake applications in the Google Play Store on this World Cup theme. The brand FIFA World Cup 2022 is used to confuse users and lead them to download the fake application. Again, these applications are used to buy fake tickets and for this, as always the victim leaves a lot of personal and banking information. On the volume of interested, this scam works, even if the Qatari government asks foreigners to use the Hayya application to check the validity of a ticket and display it to enter the stadium. 
•  Scams outside the stadiums: Hackers are clever and as the spotlight is on Qatar, it is also an opportunity to play with the biggest brands promoted by the competition. In all, 16,000 fake surveys or contests to win prizes in the context of the World Cup were generated by the hackers. These questionnaires were supposedly from existing local brands, whose names were spoofed. In the end, there were no prizes, but personal data was stolen.