Big events are always a target for phishing attacks, as it means there will be lots of people willing to pay a high price to ensure they don’t miss out on a ticket. This year’s football World Cup in Qatar is no different. 

In the run-up to and during the tournament there has been an increase in the number of phishing attacks in the Middle East and North Africa in particular, as there was expected to be more football fans attending this tournament from the region than previous World Cups. In fact, the number of phishing attacks doubled in the month before the event.

Top phishing email subjects

Some of the the subjects of these emails include:

  • Impersonations of team members with payment confirmation links
  • Fake FIFA ticketing office emails warning of a payment issue
  • Spoof emails from the official food delivery partner offering fake free tickets to those who register
  • Impersonations of the Players Status Department with a legal notice regarding delayed legal fees and a link

    Victims who click on URLs in the phishing emails are sent to legitimate-looking websites with FIFA branding, but that enable malware to be installed. 

    Additionally, employees of the World Cup organisers have been targeted with phishing attacks in attempts to mine credentials and data. 

    Attacks will continue beyond the tournament

    All of these attacks have been largely led by five cybercriminal groups: Qakbot, Emotet, Formbook, Remcos and QuadAgent. And, whilst the tournament officially ends on the 18th December, there are still related opportunities that cybercriminals can take advantage of beyond then. As a result, it’s likely that these phishing attacks will continue into the new year, so any companies with ties to the World Cup need to be on high alert to ensure they are not exploited.