Group-IB discovered many scams and Phishing attacks on football fans who had invested money in tickets and official merchandise for the FIFA World Cup 2022.
Researchers from Group-IB Digital Risk Protection identified fake accounts on social media, scam websites, ads, and mobile apps that lured users into entering their banking details and personal information before the tournament began.
A fake website selling merchandise was one of many scams that were identified. It directed money from transactions to scammers in certain cases and stole user’s bank credentials in others. Users never received their team shirt, regardless of the scam.
To drive visitors to the website, they also used more than 130 ads on social media.
Scammers have another avenue to sell tickets to the FIFA World Cup to anyone who is interested in purchasing them. Group-IB discovered potential frauds by tracking more than 50 social media accounts and five websites that were created after September 2022. These accounts included the terms “FIFA”, World Cup and tickets. Scammers stole bank card information or received money from the transaction.
Group-IB shared its findings with Hackread.com. It found that 40 false applications had been discovered on Google Play Store. These apps promised users tickets to the games.
Five other scam websites used keywords like “job” or “Qatar”, and made use of the tournament logo to appear legitimate for people looking for work at the World Cup. Threat actors created another 30 social media pages to market their scam sites.
It wasn’t only the World Cup, but large companies, too, were targeted, with thousands of brands using the FIFA World Cup branding in Qatar. More than 16,000 counterfeit surveys were identified by Group-IB and analysed.