World Cup scams: Fake Hayya Cards, FIFA-themed crypto coins targeting football fans

Cybercriminals are targeting World Cup fans through unauthorized Hayya Cards and FIFA-themed crypto tokens and coins, cybersecurity researchers told Al Arabiya English.

The hype around the global football tournament in Qatar has attracted audiences from across the globe, creating fertile ground for cybercriminals to exploit people on a large scale and find new ways to scam people online, a new report by cybersecurity firm CloudSEK has found.

CloudSEK researchers told Al Arabiya English that the top three cyber threats observed during the World Cup were “hacktivists targeting Qatar-based organizations, FIFA sponsors and other FIFA-related entities,” an “increase in threat actors offering FIFA-themed crypto tokens and coins to defraud enthusiastic fans,” and the “unauthorized” sale of Hayya cards.

Fake and forged Hayya cards

The Hayya card is a mandatory, personalized document required of everyone attending World Cup matches in Qatar. Having a ticket to the World Cup is a prerequisite to acquiring a Hayya card.

The cybersecurity experts urged people to only obtain one from the official website.

“We have observed cyber criminals selling Hayya cards to football fans. There have also been discussions among threat actors regarding ways to forge Hayya cards,” they told Al Arabiya English in a statement.

Due to the importance of these entry permits, threat actors began to sell fake Hayya Cards to unsuspecting fans, who were willing to pay any price to obtain one.

CloudSEK found several Telegram channels selling Hayya cards for prices ranging from $50 to $150.

However, in order to create these permits, the threat actors asked buyers for their valid IDs, including passports, and said they only accepted Bitcoin as payment.

This not only resulted in buyers losing the money paid into the threat actor’s crypto wallet, but the victims also inadvertently put themselves at risk by sharing their personally identifiable information, which could be used by cybercriminals to scam them again.

Cybercriminals have managed to get away with the scam because they route the money in their crypto wallets via multiple exchanges or currencies, making it difficult for law enforcement to trace or retrieve the victims’ money.

As for forged Hayya cards, the researchers said they noticed discussions among threat actors on cybercrime forums where they shared various methods used to forge or hack FIFA services.

One of the techniques allowed a person to register for a Hayya card for free without a valid FIFA ticket number.

“Fans should avoid sharing their personal information and banking details with unknown people over the internet. If an offer seems too good to be true, it is probably a scam,” the researchers said.

Fake FIFA-themed crypto coins and tokens

Crypto.com is an official FIFA sponsor for the World Cup, and crypto giant Binance has partnered with football star Cristiano Ronaldo to promote football-themed NFTs.

Piggybacking on this hype, threat actors sold fake World Cup-themed coins and tokens by promoting them as limited-edition cryptocurrency, the report found.

Screenshots from Telegram showing threat actors selling fake World Cup coins and tokens. (Supplied)

Cashing stolen credit cards

Criminal gangs are selling stolen credit card details to carry out illegal and unauthorized transactions, according to CloudSEK.

In addition, they have been providing services to cash out money from these stolen cards and using prepaid gift cards to cover their tracks.

The CloudSEK researchers suggested that carding groups could be using FIFA-themed fake websites to collect card details from unsuspecting users and then use them to book hotel and flight tickets.

They said that both fans and companies that sponsor FIFA need to be “on high alert.”

“[Companies sponsoring FIFA] should monitor the internet for websites, social media pages, and apps that are impersonating them. These threats should be taken down immediately. This will benefit their customers and make sure their reputation is not impacted,” they said.

“Fans should also refrain from clicking on links in emails from unknown senders and links shared on social media. It is recommended that they only use the official websites of FIFA and the World Cup.”

Phishing and other threats

With the World Cup being such a globally anticipated event, the demand for match tickets has exceeded supply. This led to scammers creating fraudulent websites to sell fake tickets to exploit this gap.

Phishing sites ask users to sign up and, after collecting their personally identifiable information, redirect them to a payment page where they can finally purchase the ticket.

Users do not receive anything after making the payment and in some cases, the payment gateway can also be faked and designed for the purpose of stealing banking details.

Screenshot of a phishing website offering service to check for World Cup tickets automatically. (Supplied)
A Telegram bot offering an automatic FIFA World Cup ticket availability checking service. (Supplied)

Aside from phishing, credit card and cryptocurrency fraud, and identity theft, the report found that Advanced Persistent Threat (APT) campaigns and distributed denial-of-service (DDoS) attacks were also among the threats faced by organizations and audiences, adding that cybercriminals were motivated not only by financial gain but by geopolitical affiliations as well.

Another cybersecurity firm, Group-IB, also identified 16,000 scam domains and hundreds of fake social media pages which were “created by cybercriminals looking to steal money and personal information off of victims,” its Head of Digital Risk Protection Analytics Team (MEA region) Sharef Hlal said on Tuesday.

“These scams include the creation of fake pages purporting to be selling official merchandise and tickets to the games, along with fake surveys designed to steal victims’ data. We have also found several fake pages advertising jobs in Qatar for the duration of the World Cup. Group-IB has shared all its findings with law enforcement agencies.”

Recommendations for fans, participating companies

“Threat actors have a track record of trying to cash in on major events, especially those in the sporting world,” Hlal added.

“We believe that it is crucial to raise awareness of the multiple different types of scams that users may be confronted with throughout the World Cup, and urge internet users to be on high alert and double check any domain that they encounter on social media or through messengers.”

CloudSEK advised users to buy FIFA tickets and Hayya cards from the official website only, to validate the legitimacy of cryptocurrencies before making an investment, not to use FIFA-related services offered on social media or Telegram, and to avoid sharing personal information or banking details with unknown persons or websites.

It also urged people to refrain from installing apps shared on social media, Telegram or third-party app stores and to review permissions requested by apps and disable the ones that are not integral to the app’s functionality.

To minimize the risk of falling victim to scams online, the cybersecurity firm advised participating organizations to use a firewall, keep their software updated, use load balancers or similar services to avoid DDoS attacks, run awareness campaigns to educate fans and users about legitimate portals and websites, and to monitor and take down phishing sites, fake apps and copy-cat social media accounts in real time.
