Qatar World Cup sparks cyber-attacks

Messages offering last-minute tickets or communicating supposed winnings from a bet are some of the threats detected.

Phishing attacks have been on the rise in recent days due to the FIFA World Cup Qatar 2022.

This major sporting event attracts the attention of billions of people around the world, making it the “perfect lure” for new cybercrime campaigns based on sophisticated social engineering. This is the warning from security companies such as Panda Security and Check Point.

Researchers at Avanan, a Check Point company, warn of an increase in phishing emails related to this event that are being spread in several languages.

These messages pretend to come from a trusted person or company in order to manipulate the user into performing some action, such as downloading a file, clicking on a suspicious link or revealing personal information, including bank details.

Many of the campaigns detected are related to the sale of last-minute tickets or the communication of winnings from a sports bet.

Panda Security also points to themes such as the purchase of World Cup products and newsletters with news and video summaries of the matches.

One of the most commonly used techniques is the sending of messages that supposedly come from organisations related to the World Cup to redirect the user to malicious pages that resemble the original ones.

“There have been cases of such emails being sent to employees of the organisation posing as human resources or other departments,” says Hervé Lambert, Global Consumer Operations Manager of the Spanish company.

In fact, fake job offers are also being published on social networks and other websites to work at the World Cup. The ultimate purpose is to obtain sensitive data from the person being contacted.

Phishing does not only work through email, it is also deployed through SMS messages, social networks and other means such as phone calls.

Another technique involves the use of generic top-level domains, such as .com, .org, and .gov, and words commonly used by the organisation.

Additional methods used by criminals include the theft of credentials from streaming and audio-visual platforms or misleading advertising through click-through banners that compromise security at the click of a button.

To this list can be added illicit activities via the dark web. Even before the start of the World Cup, hundreds of references to this sporting event were already detected in cybercrime forums.

In this sense, one of the biggest dangers would be “the smuggling that exists with the buying and selling of digital identities that are often stolen in advance with the help of different malwares”, as Lambert says.

One should also be wary of cyber scams at online bookmakers by checking the terms and conditions that are accepted on the platform. “Risks include the misuse of personal data hosted,” explains the expert, “and difficulties in withdrawing winnings.

To avoid problems, the legitimacy of the website should first be checked and the entities behind it verified.

This competition is, in short, “the perfect context for perpetrating cyber-attacks, given the huge amounts of money and investments that have been made”.

This is the opinion of the Panda Security executive, who stresses that “the cybercriminals’ plans are very sophisticated. There is so much information on the internet that it is necessary to constantly check which pages we are visiting, because it is the news of the moment”.

“Moreover,” he continues, “the particularity of the country in which it is held and its geopolitical situation place it in a controversial global scenario and susceptible to cyber threats related, for example, to various types of hacktivism.

“On the other hand, for cybercriminals this event is an excellent environment for cyber espionage and surveillance against foreign dignitaries and businessmen,” he adds.

“There are still two weeks to go until the end of the World Cup, so the risk remains high, but it is certainly preventable and repairable,” notes Hervé Lambert. “Working with robust systems and a good education in cybersecurity augurs well and avoids possible mishaps”.

Check Point also offers some advice, such as using common sense and being aware that copycats can emerge, with malicious sites using a domain name similar to the real brand. One way to spot them is to check for misspellings or extra letters.

Similarly, when an email includes a link that prompts you to log in to a website, it is best to access the official website from the browser.

Another tip is to avoid repeating passwords across different online accounts, although not all attacks are direct. Some phishing emails result in the download of Trojans and keyloggers capable of monitoring the typing on the infected device.

It is also important to install security solutions on your devices, including your mobile phone.