World Cup Phishing Attacks Doubled And Will Increase

Phishing Attacks Targeting Middle East Users Double Leading up to World CupResearchers at Trellix revealed that phishing email attacks targeting users in the Middle East doubled in October 2022 ahead of the World Cup in Qatar, as reported by The Record.

The end game of these attacks include financial fraud, credential harvesting, data exfiltration, surveillance, and damage to a country or organization’s reputation.

The rest of the world will soon follow.

The emails vary in subject matter. Here are a few examples provided by Trellix:

  • Fake FIFA help desk emails warning of two-factor authentication deactivation
  • Emails impersonating a team manager with a supposed payment confirmation phishing link
  • Fake FIFA ticketing office emails warning of a payment issue
  • Bogus legal notifications of a ban implemented by FIFA from registering new players 
  • Impersonated Players Status Department emails notifying users of delayed legal fees using WeTransfer's template
  • Spoofed emails from Snoonu, the official food delivery partner of the World Cup, offering fake free tickets to those who register

John Fokker, Head of Threat Intelligence & Principal Engineer at Trellix, told The Record that they anticipate these attacks to continue through January 2023.  “In this instance, we found the attention to the details incorporated into the malicious URLs and customized web pages to be notable, allowing cybercriminals to successfully impersonate league staff and team managers,” he explained.

Trellix said the top five malware families it found targeting Middle Eastern countries right now included Qakbot, Emotet, Formbook, Remcos and QuadAgent. These malware strains typically intend to steal confidential data or information, credentials or gain remote control of a device. 

Jeremy Fuchs, a cybersecurity research analyst at Avanan, confirmed that they have also seen an influx of phishing emails related to the World Cup in a variety of different languages. “One common thread is related to betting on the World Cup, trying to entice end-users to wager. Instead, the email and resulting link steals credentials,” he said.

Joseph Carson, chief security scientist and Advisory CISO at Delinea, told The Record that during all major events, such as the upcoming World Cup in Qatar, they always see a major increase in cybercrime targeting unsuspecting fans and followers. Many fake, fraudulent websites, apps or emails that appear official will come loaded with an abundance of scams and these scams can result in stealing the victims credentials, passwords, credit card information, infecting their computer or smartphone with malicious software or even ransomware, Carson explained. 

Cybersecurity firm Recorded Future recently released a report that said while no  state-sponsored cyber operations have yet been identified, Russia “is an outlier and very likely harbors a strong set of grievances and thus motivation for targeting the 2022 FIFA World Cup.” Russia may want to “embarrass Qatar as the host country for siding with the coalition of countries supporting Ukraine’s territorial integrity, as well as to retaliate for Russia being banned from participating in the tournament.”

The Record has the full story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing

Subscribe To Our Blog

Cybersecurity Awareness Month Free Resource Kit

Get the latest about social engineering

Subscribe to CyberheistNews