FIFA World Cup: How Cybercriminals Steal Data Using Fake Sites
From fake entry permits and betting sites to fake cryptocurrency, cybercriminals have devised all sorts of tricks to lure football fans in the name of the FIFA World Cup, IT intelligence firm CloudSEK warned on Monday.
Although India is not part of the FIFA World Cup, the Indian community is reportedly estimated to be the largest expatriate in Qatar, which hosts the biggest football tournament.
A Bengaluru-based cyber security firm said several Telegram channels were found selling Hayya cards (FIFA login) at prices ranging from $50 (around Rs. 4,300) to $150 (around Rs. 12,300).
“To create Hayya cards, threat actors say they want valid consumer IDs like passports. And payment is only accepted in Bitcoin,” said CloudSEK in a report.
This technique is based on brute forcing a ticket number based on a ticket number pattern suspected to be shared by a threat actor.
“Since the FIFA World Cup is a popular event, the demand for tickets far exceeds the supply. To exploit this gap between supply and demand, fraudsters have created websites that sell fake tickets,” said CloudSEK.
Threat actors are trying to trick network users by selling a limited edition of fake cryptocurrency as a crypto currency platform Crypto.com is an official sponsor of FIFA and Binance has partnered with Cristiano Ronaldo to promote football-themed NFTs.
“Scare actors support this hype to sell ‘World Cup Coin’ and ‘World Cup Token’ by promoting it as a limited edition cryptocurrency. However, most of these so-called coins do not exist,” the report said.
CloudSEK investigators in the report said that FIFA sponsors should strengthen their security measures and stay up-to-date on the tactics and methods of threatening players.