Why has there been a sudden surge in phishing attacks in the Gulf region?

Cybercriminals are exploiting the fear and uncertainty surrounding the conflict in Iran and the wider Middle East. Following the US-Israeli strikes on February 28th, researchers observed a 130% spike in malicious emails. Attackers are using the regional instability and shipping disruptions as "social engineering" lures to trick people into acting quickly without thinking.

What kind of email lures are attackers currently using?

While the attacks are linked to the geopolitical situation, the emails often look like standard business communications. Common lures include fake invoices, contracts, banking documents, and delivery notifications. These are designed to exploit business disruptions and pressure employees into opening attachments or clicking links to "resolve" urgent issues.

What are the best practices for defending against social engineering tactics?

To defend against sophisticated social engineering campaigns, you should treat all unexpected business emails—especially those containing .zip, .rar, or .hta attachments—with high suspicion. Always hover over links to inspect the true destination before clicking, and never let "urgent" language pressure you into bypassing security protocols. Most importantly, verify any financial or legal request through a secondary, trusted channel, such as a known phone number or official company portal, rather than replying to the email.

Phishing Attacks Begin Targeting the 2026 FIFA World Cup

A major phishing operation is targeting soccer/football fans ahead of the 2026 FIFA World Cup, which begins in June, according to researchers at Flare. The attackers have set up at least 79 phishing sites impersonating the official FIFA website.

“The fraudulent sites function as full-ecosystem replicas, not simple phishing pages: HTML and structural elements are copied from the malicious infrastructure, while images and icons are pulled directly from the real FIFA website, blending legitimate and fraudulent content to deceive even attentive users,” Flare says.

The attackers have registered typosquatting and lookalike domains designed to fool users into thinking they’re on the legitimate FIFA site.

“Threat actors have registered domains such as vww-fifa[.]com, which combines character substitution (“www” → “vww”) and structural variation (“fifa.com” → “fifa-com”) to mislead even experienced users,” the researchers explain. “Lookalike domains, by contrast, do not rely on direct string similarity but instead exploit brand association and user expectations. Domains such as fifa[.]sale can convincingly impersonate official services – such as ticketing or merchandise platforms—despite not matching the original domain structure.”

The sites are designed to trick users into entering their credentials and payment information, as well as send a direct payment to the attackers when the user tries to purchase phony tickets or merch. Additionally, if the attackers obtain credentials for a user’s legitimate FIFA account, they may be able to steal their real tickets and scalp them for exorbitant prices.

Flare concludes, “Awareness, verification, and proactive monitoring are critical for fans, and organizations can proactively detect and disrupt fraud infrastructure to protect end users.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 Platform to strengthen their security culture and reduce human risk.

Flare has the story: Massive World Cup Consumer Fraud Infrastructure Targets Fans Before Kickoff

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

Phishing Attacks Begin Targeting the 2026 FIFA World Cup

See KnowBe4 Cloud Email Security in Action

Secure the Digital Workforce: Human + AI

ABOUT KNOWBE4 TEAM

Subscribe the KnowBe4 Blog

Posts By Topic

Get the latest insights, trends and security news. Subscribe to CyberheistNews.

Get the latest insights, trends and security news. Subscribe to CyberheistNews.