Cyber Scams are Fueled by FIFA World Cup Fever
“During the FIFA World Cup, cybercriminals are exploiting AI-driven phishing, intercepted funds, and phony websites to con supporters.”
Tens of phony ticket portals, merchandise stores, streaming websites, and betting applications have surfaced to defraud football fans worldwide, making the FIFA World Cup a haven for fraudsters.
More than 13,000 FIFA-related web domains have been registered since January, according to cybersecurity company Fortinet, of which 8.8%, or roughly 1,150, were malicious. Additionally, it discovered over 1,700 new social media impersonation accounts, 90% of which were on Facebook and Instagram.
Yogesh Jaygadkar, Senior Manager, Threat Research, FortiGuard Labs
During the course of a tournament, fraud exposure can quickly amount to millions of dollars. “Massive worldwide attention, emotional urgency, high ticket demand, travel pressure, item purchases, streaming demand, betting activity, and job-seeking surrounding the event all contribute to the ideal fraud environment for events like FIFA.” Generative AI can be used to enhance personalization for FIFA-style scams. Messages such as "last-minute ticket confirmation," "seat upgrade," "visa/travel support," "sponsor recruitment," or "streaming access" can be customized based on the nation, language, team, or fan behavior. "Attackers can also use it to generate fake invoices, automate scam responses, create realistic website copy, and clone brand tone." "Deepfake audio/video can also be used for phony team announcements, phony celebrity promotions, or phony customer support verification."
A highly sophisticated Chinese threat operation that targets fans by intercepting financial details and SMS-based authentication has been discovered by Bengaluru-based CloudSEK. The activity is targeted at more than 13 geographies.
Researchers discovered that the fraudulent platform has the ability to monitor a victim's real-time checkout process, obtain payment card information such as PAN, expiration date, and CVV, and possibly transmit OTPs instantly.
Football fans worldwide are the victims of recruitment phishing, cryptocurrency airdrops, and ticket resale scams, according to FortiGuard Labs. It stated that over 270,000 user credentials for FIFA-related websites and over 260 FIFA employee credentials are accessible on the dark web.
During the most recent Indian Premier League season, similar scams also came to light.

Phishing Upgrades
Fraudsters used to pose as BookMyShow and District, two ticketing platforms.
Cybersecurity company Arctic Wolf claims that social media and messaging apps like Telegram, Discord, and WhatsApp are some of the main ways that malware spreads. Five minutes prior to the game, fraudsters post a phony streaming link on these channels, and many enthusiastic fans fail to verify if it is malicious, according to the report.
A malicious "employee handbook PDF" was used to obtain staff credentials from Philadelphia, the city that hosts the most World Cup matches.
Ismael Valenzuela, Vice President, Threat Research and Intelligence, Arctic Wolf
"Compared to traditional phishing, what we're seeing now is more sophisticated." "In certain instances, Android malware that can mine cryptocurrency directly on a victim's device has been installed using phony ticketing websites." According to him, enterprise risk is now a problem in addition to consumer fraud. "That level of activity shows how quickly attackers are integrating AI into their workflows and tools."
Because it takes less time, money, and expertise to execute convincing campaigns, artificial intelligence is lowering the barrier to entry for fraudsters.
In just one year, Arctic Wolf Labs found over 22,000 distinct files linked to AI-themed detection criteria in malware libraries.
Researchers at the cyber-intelligence company Acronis also observed QR code phishing, sometimes known as "quishing," in which users are sent to malicious websites intended to gather private data, phony giveaways, or bogus ticketing pages.
Conclusion
Now that we have covered the phishing scams running worldwide, you might want to protect yourself against such attacks. For that, you can go for PhishNext, a dedicated phishing simulation platform offered by Craw Security.
PhishNext lets users practice against various types of simulated phishing attacks, so they are better able to protect themselves against such scams.


