16,000+ scam domains targeting FIFA World Cup fans in Qatar
As fraudsters readily jump to exploit events of great global interest, it comes as no surprise that Group-IB discovered a number of frauds and phishing attacks targeting football fans invested in buying tickets, official merchandise and jobs during the 2022 FIFA World Cup in Qatar.
Before the tournament even began, researchers from the Group-IB Digital Risk Protection team identified scam domains, fake social media accounts, ads and mobile applications that lured users into entering personal information and bank credentials.
One of the fraud schemes identified was a counterfeit goods website that in some cases directed the money from the transaction to the fraudsters and in other cases stole the user’s bank credentials. In any case, the users never received the national team shirt.
The fraudsters also used more than 130 ads on social media apps to drive traffic to the website.
FIFA World Cup tickets were another opportunity for fraudsters to try to sell fake tickets to unsuspecting users who wanted to buy tickets for the matches. By tracking five websites and more than 50 social media accounts created no earlier than September 2022 and mentioning the words “FIFA”, “World Cup” and “tickets”, Group-IB identified potential fraud. Again, fraudsters either received money from the transaction or stole the bank card details.
In the report shared with Hackread.com, Group-IB noted that up to 40 fake applications were found on the Google Play Store, promising users access to tickets to the games.
Another five scam websites were found using keywords such as “job” and “Qatar”, which used the official tournament logo to make the website appear credible to those looking to find work during the World Cup. Another 30 social media pages were created by threat actors to promote their scam sites.
Furthermore, it was not only the World Cup that was targeted, but also major brands, including thousands who used the branding of the FIFA World Cup in Qatar. Group-IB identified and analyzed more than 16,000 fake surveys impersonating such brands.
- Brand protection is critical to cyber security
- Hundreds of shoe stores with fake brands hacked with skimmers
- Phishing: Italian football club tricked into sending out 2 million euros to crooks
- 42,000 phishing domains detected masquerading as popular brands
- Microsoft, PayPal and Facebook most targeted brands in phishing scams