FIFA World Cup 2022: Cybercriminals Using Fake Sites to Steal Personal Information, IT Security Firm Says


From fake entry permits and betting sites to fake cryptocurrency, cybercriminals have spun all the tricks to lure football fans in the name of the FIFA World Cup, IT security intelligence firm CloudSEK warned on Monday.

While India is not part of the FIFA World Cup, the Indian community is reportedly estimated to be the largest among the expatriate population in Qatar which is hosting the biggest football tournament.

The Bengaluru-based cyber security firm said that several Telegram channels were found selling Hayya cards (FIFA entry permit) for prices ranging from $50 (roughly Rs. 4,300) to $150 (roughly Rs. Rs. 12,300).

“To create Hayya cards, the threat actors claim to require the buyer’s valid IDs like passports. And payment is only accepted in Bitcoin,” CloudSEK said in a report.

Cyber criminals are also sharing hacking techniques that purportedly allow one to register for a Hayya card without a valid FIFA ticket number, for free.

The technique is based on brute forcing the ticket number based on an alleged ticket number pattern that the threat actor shared.

“Since the FIFA world cup is a popular event, the demand for tickets far exceeds the supply. To exploit this gap between the supply and demand, scammers have set up websites that sell fake tickets,” CloudSEK said.

The threat actors are trying to cheat netizens by selling limited edition fake cryptocurrency as crypto currency platform Crypto.com is an official FIFA sponsor and Binance has partnered with Cristiano Ronaldo to promote soccer-themed NFTs.

“Threat actors are piggy-backing on this hype to sell fake ‘World Cup Coin’ and ‘World Cup Token’ by promoting them as limited edition cryptocurrency. However, most of these purported coins don’t exist,” the report said.

CloudSEK researchers in the report said FIFA sponsors should bolster their security mechanisms and stay up to date on threat actors’ tactics and techniques.


Affiliate links may be automatically generated – see our ethics statement for details.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *