Researchers at Trellix revealed that phishing email attacks targeting users in the Middle East doubled in October 2022 ahead of the World Cup in Qatar, as reported by The Record.
The end game of these attacks include financial fraud, credential harvesting, data exfiltration, surveillance, and damage to a country or organization’s reputation.
The rest of the world will soon follow.
The emails vary in subject matter. Here are a few examples provided by Trellix:
- Fake FIFA help desk emails warning of two-factor authentication deactivation
- Emails impersonating a team manager with a supposed payment confirmation phishing link
- Fake FIFA ticketing office emails warning of a payment issue
- Bogus legal notifications of a ban implemented by FIFA from registering new players
- Impersonated Players Status Department emails notifying users of delayed legal fees using WeTransfer's template
- Spoofed emails from Snoonu, the official food delivery partner of the World Cup, offering fake free tickets to those who register
John Fokker, Head of Threat Intelligence & Principal Engineer at Trellix, told The Record that they anticipate these attacks to continue through January 2023. “In this instance, we found the attention to the details incorporated into the malicious URLs and customized web pages to be notable, allowing cybercriminals to successfully impersonate league staff and team managers,” he explained.
Trellix said the top five malware families it found targeting Middle Eastern countries right now included Qakbot, Emotet, Formbook, Remcos and QuadAgent. These malware strains typically intend to steal confidential data or information, credentials or gain remote control of a device.
Jeremy Fuchs, a cybersecurity research analyst at Avanan, confirmed that they have also seen an influx of phishing emails related to the World Cup in a variety of different languages. “One common thread is related to betting on the World Cup, trying to entice end-users to wager. Instead, the email and resulting link steals credentials,” he said.
Joseph Carson, chief security scientist and Advisory CISO at Delinea, told The Record that during all major events, such as the upcoming World Cup in Qatar, they always see a major increase in cybercrime targeting unsuspecting fans and followers. Many fake, fraudulent websites, apps or emails that appear official will come loaded with an abundance of scams and these scams can result in stealing the victims credentials, passwords, credit card information, infecting their computer or smartphone with malicious software or even ransomware, Carson explained.
Cybersecurity firm Recorded Future recently released a report that said while no state-sponsored cyber operations have yet been identified, Russia “is an outlier and very likely harbors a strong set of grievances and thus motivation for targeting the 2022 FIFA World Cup.” Russia may want to “embarrass Qatar as the host country for siding with the coalition of countries supporting Ukraine’s territorial integrity, as well as to retaliate for Russia being banned from participating in the tournament.”
The Record has the full story.