Cyber Attacks At The 2022 FIFA World Cup

Written by Jo Rust | Published on December 15, 2022




Data Leaks at the 2022 FIFA World Cup

It’s the most popular sport in the world, played by more than 20 million people in more than 140 countries around the world. The prestigious soccer world cup takes place every 4 years where 80 national teams play their hearts out to emerge victorious as the winners of the Federation Internationale de Football Association’s World Cup event.

This year the tournament is hosted by Qatar, and you can bet that no expense has been spared to make it the spectacle of the year. Teams, sponsors, media, and fans from around the globe have flocked to the peninsular country in the middle east, famous for the world’s largest deposits of oil and natural gas. 

When it comes to this scale of an international event hackers are not far behind, and the 2022 FIFA World Cup is certainly no exception. It’s quite an enormous task to keep venues, players, viewers, audiences, fans, and broadcasting channels free from cyber threats. Unfortunately, many fans might not be as tech-savvy as to pick up the sometimes subtle differences in apps and webpages developed by so-called ‘threat actors’ (term in cyber security for groups or individuals who aim to exploit weaknesses in an information system) that impersonate official information platforms with the aim of stealing data of both individuals and companies.

The anticipated entry of about 1.5 million spectators was blown out of the water with a whopping 2.45 million registered fans and 1.8 billion viewers around the globe. That’s a 61% increase in the originally projected numbers which also means an increased effort can be expected by scam artists, hackers, and threat actors. By the beginning of December 174 malicious domains had already been identified by Digital Shadows, a ReliaQuest company that is the market leader in digital risk protection.

We don't want you to fall prey to cyber opportunists

 blog_week 51_1

3 Common Scams to Look Out For

With ever-evolving technology and carefully-crafted means of infiltrating multi-national events like the soccer world cup, scammers are getting to be more creative in their craft. Here are four scams to look out for:
  1. Ticket & Merchandise Scam

    Many die-hard fans will jump at the opportunity to get their hands on coveted tickets and merchandise of their favorite teams or football World Cup memorabilia. Scammers are swimming in an ocean of possibilities with so many millions of fans flocking to Qatar. 
    While apps and websites need to look at least semi-convincing, scammers will use social media platforms like WhatsApp, Telegram, and Facebook to put out convincing ‘campaigns’ to get individuals to enter their DMs where they are then directed to a website to make a purchase of fake tickets or merchandise.

  2. Fake Surveys
    Scammers use fake survey forms to capture all kinds of sensitive information disguised as one of many world cup-associated brands. They’ll entice you with a ‘free gift’ in exchange for some of your information and make it look all ‘official’ with logos and landing page designs. They might even have you enter your credit card details just as a ‘security measure’ or to ‘confirm that you are who you say you are’ with the promise of not charging your card. And just like that, they have your card and personal information.

  3. Employment Scams
    There are numerous social media pages that drive traffic to websites promising job opportunities in Qatar at the World Cup. They’ll then ask you to enter your personal data to check whether you qualify for one of these non-existent jobs. These kinds of scams serve as a means to collect preliminary information used to socially engineer future financial fraud or other cyber security attacks.

  4. Lottery Scams
    Cybercriminals are also using lottery scams to try to get unsuspecting victims to part with their personal information. The types of messages used in these types of scams will claim that you’ve won a prize, free tickets, or perhaps an all-expenses paid trip to the World Cup. All you need to do is click on the attachment to claim your prize. There is no prize of course. The real intention is to trick you into paying over money you’ll never see again, stealing personal data, or getting you to install malware on your device.
 blog_week 51_2



Strategies For Protecting Your Data

The first line of defense is to educate both yourself and your coworkers in how to identify potential scams. Carefully inspect any emails, apps, social pages, or websites claiming to be official FIFA World Cup pages or affiliates. Scan for any spelling or grammatical errors on the pages or in the messages you receive.
Check any links before clicking on them. Hover your mouse over a link to preview its URL. It’s a good rule of thumb to just not open any links within an email or message. It’s important to note that legitimate websites or organizations won’t ever ask you to enter your banking details, or passwords to supposedly verify your account details.

Use trusted antivirus software on your devices, and when accessing public wifi networks it’s best to use a Virtual Private Network or ‘VPN’.
These threat actors aim to steal all types of data ranging from personal information, login credentials, banking details, financial data, company information, and more. Cyber security experts have advised that the availability of such data needs to be protected with a business continuity plan.
For organizations, this means putting important data into an escrow account. Data Escrow ensures that you are protected in the event of a cyber-attack or data leak by way of automated backups which gives you immediate access to potentially stolen and lost data.
Visit our Data Escrow page for more details on how to best protect crucial information.

Data Escrow Page