Cyber criminals use World Cup as bait over a year ahead of the event

TDT | Manama

The Daily Tribune – www.newsofbahrain.com

Sporting events, just like other top events, are a fine bait for users with cyber fraud surrounding races, football championships and other sports flourishing in the past few years, says a cybersecurity firm.

While usually phishing and various spam activity pop up just as the event approaches or even when it is happening, there are exceptions, add Kaspersky.

The World Cup is slated for far-off in November 2022, yet cybercriminals are already using the event to target football fans and businesses alike. In the course of two months – from 15 of August to 15 of October 2021 – Kaspersky said it detected 11,000 fraudulent emails that used the World Cup as a lure.

The emails mostly contained fake business offers – inviting the recipients to participate in a bid for supplying the world’s biggest football event.

This is a new tactic not typical of sports-related fraud. With the World Cup being a historical event and often having a major economic impact on the host countries and suppliers involved, it is clear why such a lure could be deemed effective.

Other emails were targeting regular users from various countries, claiming that they have been selected to participate in an exclusive giveaway or receive an amount from a fund created in the name of the World Cup.

In both cases, most likely, the recipients would have been asked to pay a small commission to take part in the bidding or giveaway, with no results ever coming forth.

In some examples, the users were offered to fill out the form. Some of the spam emails detected also contained malicious attachments. Besides emails, users also downloaded malicious documents from the Internet. Kaspersky said it detected a total of 625 attempts to infect users with files named after the World Cup in 2021.

The majority (97%) of attacks were carried out using hoax Word documents that contained false information, most often inviting users to share their personal data.

Other threats included AdWare, which produces invasive advertising, Trojan password stealers, which are capable of gathering login info to different devices and Trojans – programmes that can carry out various tasks on an infected device remotely. “The excitement around major events – especially the ones taking place offline, is exploited by scammers on a regular basis to gather personal information and money from users.

We see fraudsters trying to profit from events long before they happen and the World Cup serves as a prime example of this trend. It is over a year until the championship kicks off in Qatar, and yet, cybercriminals are already jumping on this topic with new tactics targeting businesses in particular,” comments Tatyana Shcherbakova, Security Expert at Kaspersky.

To avoid falling victim to a scam:

Check the sender’s address. Most spam comes from email addresses that don’t make sense or appear as gibberish – for example, amazondeals@tX94002222aitx2.com or similar.

By hovering over the sender’s name, which itself may be spelt oddly, you can see the full email address. If you’re not sure if an email address is legitimate or not, you can put it into a search engine to check. 

Consider what kind of information is being requested. Legitimate companies don’t contact you out of the blue via unsolicited emails to ask you for personal information such as banking or credit card details, Social Security number and so on.

In general, unsolicited messages telling you to ‘verify account details’ or ‘update your account information should be treated with caution.

Be wary if the message is creating a sense of urgency. Spammers often try to apply pressure by creating a sense of urgency.

For example, the subject line may contain words like “urgent” or “immediate action required” – to pressure you into acting. n Grammar and spell check is an effective way to identify a scammer. Typos and bad grammar are red flags.

So, too, are odd phrasing or unusual syntax, which might result from the email being translated back and forth through a translator several times.