As reported by The Register, phishing attempts targeting victims in the Middle East increased 100% last month in the lead up to the World Cup in Qatar, according to Trellix. There was a spike in these email-based attacks between September and October, when the volume of malicious emails doubled. Miscreants used FIFA and other football-related lures as the initial attack vector, and the security researchers detailed several email samples they found in the wild.
In one, the email purported to be from the FIFA transfer matching system (TMS) helpdesk and included a fake alert that the user’s two-factor authentication had been deactivated. It then directed the user to an attacker-controlled website, which allows the crooks to then steal the users’ credentials.