As reported by The Register, phishing attempts targeting victims in the Middle East increased 100% last month in the lead up to the World Cup in Qatar, according to Trellix. There was a spike in these email-based attacks between September and October, when the volume of malicious emails doubled. Miscreants used FIFA and other football-related lures as the initial attack vector, and the security researchers detailed several email samples they found in the wild.
In one, the email purported to be from the FIFA transfer matching system (TMS) helpdesk and included a fake alert that the user’s two-factor authentication had been deactivated. It then directed the user to an attacker-controlled website, which allows the crooks to then steal the users’ credentials.
Major events usually attract scammers in their large scale attempts to lure people into handing over log in credentials. Timely sent phishing emails are often given a higher level of authentication by the recipient and therefore have a higher chance of working. People always need to remain on guard when they are requested to hand over credentials or two factor authentication codes even when they look genuine. Emails continue to be a major vehicle to entice people into clicking on links that take them to websites that look legitimate so people must stay vigilant and keep their credentials and sensitive data private.