Cybercriminals are cashing in on FIFA World Cup-themed cyberattacks

The hype and popularity of the FIFA World Cup has attracted audiences from across the globe. And this, in turn attracts a variety of cybercriminals, who want to exploit the varied fan following, and the organizations participating, to make a quick buck.

FIFA World Cup-themed cyberattacks

Advanced persistent threat (APT) campaigns, phishing, credit card/cryptocurrency fraud, DDoS attacks, and identity theft are among the threats faced by organizations and audiences, CloudSEK reports. The cybercriminals are motivated by financial gain, ideology, or geo-political affiliations.

FIFA World Cup-themed cyberattacks explained

Cashing stolen credit cards: Carding groups sell stolen credit card details to carry out illegal and unauthorized transactions. They also provide services to cash out money from these cards, using prepaid gift cards, to cover their tracks. Carding groups could be using FIFA-themed fake sites, to collect card details from unsuspecting users, and then use them to book hotel and flight tickets.

Selling fake Hayya cards: Due to the importance of Hayya cards (FIFA entry permit) during the World Cup, threat actors are selling fake Hayya Cards to unsuspecting fans, who are willing to pay any amount to get one.

Several Telegram channels were found selling Hayya cards for prices ranging from $50 to $150. To create Hayya cards, the threat actors claim to require the buyer’s valid IDs like passports. And payment is only accepted in Bitcoin.

Forged Hayya cards: Threat actors are also sharing hacking techniques that purportedly allow one to register for a Hayya card without a valid FIFA ticket number, for free. The technique is based on brute forcing the ticket number based on an alleged ticket number pattern that the threat actor shared: “300 and 4 random digits”.

Fake crypto tokens and coins: Given that is an official FIFA sponsor and Binance has partnered with Christiano Ronaldo to promote soccer-themed NFTs, threat actors are piggy-backing on this hype to sell fake “World Cup Coin'” and “World Cup Token” by promoting them as limited edition cryptocurrency. However, most of these purported coins don’t exist.

Phishing and ticket sale scams: Since the FIFA World Cup is a popular event, the demand for tickets far exceeds the supply. To exploit this gap between the supply and demand, scammers have set up websites that sell fake tickets.

DDoS attacks: Threat actors and hacktivists claim to have launched DDoS attacks on Qatar based entities such as and They have also shared proof that the sites that they have targeted are offline due their attacks.

Betting and gambling services: As with elections or other sporting events, gambling and betting on the outcome of FIFA World Cup matches is common. Threat actors are leveraging this to share prediction tips for a price, promote fake betting sites that steal users’ money and PII and spread gambling apps laced with malware.

“The gap between the supply and demand of FIFA World Cup game tickets, flight tickets, hotels, souvenirs, etc., has been co-opted by cybercriminals, to defraud fans and enthusiasts. Despite the attractive offers and lures, users should restrict their purchases to official websites and mobile apps. And companies that are FIFA sponsors should bolster their security mechanisms and stay up to date on threat actors’ tactics and techniques,” said a CloudSEK researcher.

Recommendations for FIFA fans

  • Buy FIFA tickets and Hayya cards only from the official website.
  • Validate the legitimacy of cryptocurrencies before investing in them.
  • Don’t avail FIFA related services from Telegram or social media.
  • Do not share your PII or banking details with unknown persons or websites.
  • Don’t install applications shared via Telegram, social media, or from third-party app stores.
  • Review permissions requested by apps and disable permissions that are not necessary for the app’s functionality.
  • Be wary of schemes that seem too good to be true.

Recommendations for participating organizations

  • User load balancers or services like Cloudflare to avoid DDoS attacks.
  • Use a firewall and keep your software updated to the latest version.
  • Run awareness campaigns to educate fans and users about legitimate portals and websites.
  • Real-time monitoring and takedown of phishing sites, fake apps, and copy-cat social media pages.
  • Report the findings to relevant authorities who can take action against the threat actors.

Don't miss