According to the cybersecurity firm GROUP-IB, Cybercriminals are trying to take advantage of unsuspecting FIFA World Cup fans by using the event to scam them out of money.

The tournament is entering its second week, and cybercriminals are using several methods to try and steal money and information from people wanting to buy tickets, merch or even trying to find work during the World Cup.

Researchers at Group-IB discovered almost 100 compromised Hayya accounts. Hayya is the mandatory system the World Cup is using to enter Qatar, access tickets, and access transportation services. To perform the attacks, the researchers say the threat actors are using malware like ‘Redline’ and ‘Erbium’.

In recent weeks, we’ve reported on the multitude of malicious apps being found in the Google Play store – which is another method attackers are using during the World Cup to scam fans out of their money and information. Nearly 40 malicious apps were discovered in the Google Play store that promise access to purchase World Cup tickets.  Threat actors are also using fake websites offering merchandise and tickets to steal money and banking credentials. Some of the fake websites are also stealing user information by harvesting data used by people who submit a bogus job application in the hopes they’ll find temporary work at the global event.

Unsuspecting users are also being tricked into filling out a survey, which offers only a chance for a prize at the end. The survey asks for a ton of personal information which is only being harvested by the attackers. They’re then asked to share the survey on WhatsApp to their contacts.

GROUP-IB has shared all of their findings with both Interpol and the Qatar Computer Emergency Response Team.  Among the information shared were more than 16,000 scam domains, dozens of fake social media accounts, malicious advertisements, and scam mobile apps which all target fans and attendees of the event. Their findings have also been corroborated by other researchers at Kaspersky and Trellix.

Trellix additionally has found that several malware families are to blame in these World Cup scams including Qakbot, Emotet, Formbook, Remocos and QuadAgent.

Unfortunately, scams relating to the 2022 World Cup started all the way back in November of 2021 according to researchers. When buying merch, looking for tickets or simply just trying to interact with the global tournament, be extra cautious you’re using legitimate means to conduct your business so that you don’t get scammed out of hard earned money.

Story via Cyberscoop