The number of phishing attempts on countries in the Middle East and North Africa doubled in the month leading up to the World Cup in Qatar. Those working on the global football tournament have been increasingly bombarded with phishing emails in an effort by cybercriminals to mine for crucial credentials and data.
Research released by security company KnowBe4 shows that employees of the World Cup organisers are having to dodge a massive increase in cyberattack attempts, mostly from five notorious cybercriminal gangs (Qakbot, Emotet, Formbook, Remcos and QuadAgent) at the tip of this cybercrime wave.
Phishing attacks at the Qatar World Cup
Examples of cyberattack attempts include emails impersonating players, and fake FIFA ticket office messages warning of a payment issue. Malicious and fraudulent notices about other administrative issues, such as a ban on registering players, have also been distributed.
The frantic nature of the preparations for a major event such as the World Cup means many more of these phishing attempts are likely to be successful, says Jake Moore, global cybersecurity advisor at ESET.
“Major events usually attract scammers in their large-scale attempts to lure people into handing over login credentials,” Moore says. “Timely sent phishing emails are often given a higher level of authentication by the recipient and therefore have a higher chance of working.”
Employees must therefore increase their vigilance. “People always need to remain on guard when they are requested to hand over credentials or two-factor authentication codes even when they look genuine,” Moore warns. “Emails continue to be a major vehicle to entice people into clicking on links that take them to websites that look legitimate so people must stay vigilant and keep their credentials and sensitive data private.”
Phishing emails have been a growing problem since the start of the Covid-19 pandemic and the shift to home working. Hornetsecurity carried out analysis on 25 billion emails sent through the Microsoft 365 platform and found that 5%, some 1.25 billion, were malicious.
The report by Hornetsecurity showed that these malicious attempts are growing in success as well as scale. Phishing remains the number one attack technique at 39.6%, with malicious URLs in third place at 12.5%. The 'other' category, which combines less common attacks, is in second place.
Globally popular events are just one of the scenarios that cybercriminals exploit to manipulate the public into relinquishing their credentials. The current economic slump is also used to lure in unsuspecting victims, explains Oliver Pinson-Roxburgh, CEO of Defense.com: “Attacks like these will be particularly effective as the economic climate puts more people under strain,” he said. “Shoppers are desperate to find ways to stretch budgets to celebrate the festive season, increasing their incentive to click on an email claiming to offer an ‘exclusive discount’ or ‘prize’.”