Qatar World Cup Cyber Attacks
It is no surprise that a major International event such as the 2022 World Cup would be a magnet for fraudsters and scammers. This activity began in the lead up to the event and will probably drop off our radar after the final game but the principles behind these campaigns will apply to other events in the future. Many scammers are simply after the cash but linking to high profile events also benefits hacktivists wishing to push their own political agendas.
Many of these incidents are examples of new twists on old scams. Postal scam letters date back to the distant past but have been recently used as a hook for Word Cup lottery scams. The letters feature ‘official’ logos and promise big cash prizes. Any suspect mail should be posted on to the National Trading Standards Scam Team at NTSST, FREEPOST, MAIL MARSHALS.
A more technological attack vector has been the use of scam emails allegedly from FIFA officials, the match ticketing office or other organisations closely tied to the Qatar events. These messages contained links to malicious sites or were sent with harmful attachments.
A study by the Photon Research Team into cyber threats linked to the Qatar World identified several categories of threat.
174 cases were identified of webpages impersonating legitimate domain names. Here URLs are chosen that are similar to the original. The destination mimics official pages mixing genuine content links with phishing or malware links. One example (now offline) directed to a malicious site when the chat box on the launch page was clicked.
53 examples of fake mobile apps were found. FIFA is registered as an official app developer on the Google Play and IOS stores offering a range of products including the official ticketing app which unfortunately failed and delayed the entrance of some fans into games. Other developers offer football information services, some good, some bad others plainly fraudulent. Some were hosted on stores running with the scam others on the legitimate Google Play platform. Due to the costs in registering developers and the checks put in place by Apple this category of fraud is less likely on IOS devices. The fraudulent apps could steal personal data from the host device; install adware or malicious code.
Social media pages have impersonated assets belonging to the Qatar World Cup. Many of these are relatively harmless. Other pages hosted scams including impersonating the profiles high level FIFA officials; such as the president Gianni Infantino.
Many fans will see their interest in football spilling over into work time during the World Cup but they need to be aware that their enthusiasm might compromise corporate networks. Users need to recognise look-alike scams. Examine headers and links carefully, hover over them to expose the destination before clicking. There should be no need to download event specific software onto corporate machines.