The 2022 FIFA World Cup in Qatar is ready to begin! From November 20 to December 18, one of the most important sporting events of the year will attract hundreds of millions of football fans from all over the world. Nevertheless, as we have seen before, sly people on the internet always use the buzz surrounding such big events to cheat.
Her team ESET gives us some examples of how fraudsters are gearing up for the upcoming event and what are the 7 steps we can take to avoid falling prey to their tricks.
Often, criminals make victims believe they have won a cash prize or a ticket or hospitality package to attend a football match. Their intent, however, is usually the same: to get you to give them your personal information or money, or to unwittingly download information-stealing malware.
ESET researchers have identified several international phishing campaigns that seek to trick people into thinking they've won a prize. All you need to do to… receive your “earnings” is to fill in a few fields on a form and provide personal information, such as your name, date of birth and phone number.
As shown in example below, along with the announcement will be the name of a contact person who will supposedly "help" you claim your prize. At some point, the "employee" will inform you that in order to claim your winnings you will have to pay some tax or some fees. Once the money transfer is complete, the scammers will have achieved their goals: they will have stolen your money and personal information either to move on to the next stage of the scam or to sell it to other scammers.
Image 1. Fake lottery announcement using World Cup as bait
In the above example, she the image was sent as an attachment Email. The scammers ask for personal identification information and, in order to receive the "ATM card", they ask you to contact the "agent", who asks for a fee before the card is sent to you.
A telltale sign that something is wrong is its title Email. Email subject lines aren't very creative – think “Draw winner Qatar World Cup 2022″, “Draw winner QATAR 2022 FIFA” or “Congratulations you won the lottery QATAR FIFA 2022 MEGA WORLD CUP LOTTERY". On the other hand, they can certainly attract attention and boost one's hopes.
Follows another sample phishing message about the World Cup. The image, embedded in an email message, includes a button "Click here" to get a ticket and watch the opening match of the World Cup. In these types of campaigns, however, clicking the button results in giving away your personal data or downloading malicious content to your computer or mobile device.
Image 2. https://twitter.com/gmsectec/status/1566017176611553281
Sometimes a more convincing (if you don't pay much attention to detail) form of phishing scam involves deceptive websites that are identical to the original ones. You may be led to them as well through someone link that you will receive from spam messages, through fake social media profiles or discussion forums.
Regardless of whether these websites are exact copies of legitimate websites or not, the bottom line is that they are promoted to steal personal and financial data, login credentials and other sensitive information or as a way installation of malware on the devices of the victims.
The site he copies below the official World Cup website, including the real URL – https://www.qatar2022.qa/ (note the .pro level domain on the fake website shown below). The cybercriminals also created a "portal" for people to buy their tickets, but apparently fans have to provide their personal details first. Once stolen, this data can be misused or be sold to other scammers.
Image 3. Fake copy of the official website of the Soccer World Cup.
Many people already have states that "FIFA officials" approached them via email offering tickets for sale. Meanwhile, users of Reddit they share images from messages with people offering counterfeit printed tickets.
If you are still looking for tickets to watch any of the world cup games, you have to watch out for scammers. It is worth mentioning that the organization Qatar 2022 only has digital tickets, with one exception The last minute purchases that can only be made in person directly to two offices in Doha, Qatar. THE resale of unauthorized tickets is prohibited in Qatar and the penalties can be very severe. The only way to resell and buy tickets is through her official FIFA ticket resale platform.
What you can do to protect yourself
Staying safe from scams, whether World Cup-themed or not, is based on a few simple rules:
- You cannot win a lottery ticket if you have not purchased a ticket. If anyone tries to convince you otherwise, it's a scam.
- Do not pre-pay money in order to receive a prize. Prepayment methods are a way of stealing your money.
- Watch out for them phishing attacks. Do not click on links or attachments in emails or other messages unless you are sure they are genuine, especially if the messages are from strangers and ask for your personal information.
- Similarly, watch out for misleading websites. Pay attention to the websites you visit and always look for grammatical and spelling errors, strange URLs or lack of security certificates or other signs that something is wrong, especially if the website is asking for your money or personal information.
- Don't give out your personal information to anyone who asks for it – it could be misused for fraud or sold on the dark web.
- Use two-factor authentication on all accounts, especially those that contain your sensitive information. This reduces the chances of them being compromised by hackers with stolen passwords.
- Use reliable, multi-layered security software with anti-phishing capabilities.