With the FIFA World Cup in full swing, threat actors are seeking to exploit unsuspecting fans with a range of tactics to steal credentials, personal identifiable information (PII), and money. Scammers are employing social engineering tactics including phishing, fake apps, and malicious merchandising sites spoofing the branding of the FIFA World Cup in Qatar to target fans. The cybersecurity firm Group-IB observed more than 16,000 scam domains and 40 malicious apps in the Google Play store that were using FIFA World Cup 2022 branding to lure users. In particular, threat actors have set up phony merchandising sites and spoofed ticketing sites created to harvest money and/or bank details from victims. Another observed tactic is fake surveys impersonating major brands, as well as the World Cup itself. The surveys guarantee a reward for filling out the form with PII and phone numbers. Earlier this month Digital Shadows released research highlighting similarly widespread efforts to exploit the World Cup via spoofed domains, fake apps and fraudulent social media pages. As the games continue, it’s important to remind users to be extra vigilant for scams using World Cup branding. Read more at Info Security Magazine.