Thousands of Fake Websites Launched for the World Cup
Cybercriminals have launched over 16,000 fraudulent websites targeting soccer fans during the FIFA World Cup in Qatar, according to analysts at Group-IB. These sites offered tickets to World Cup matches, as well as clothing and souvenirs featuring official FIFA 2022 branding. An additional 66 sites specifically targeted Russian fans, stealing money and bank card data under the guise of prize giveaways on fake match streaming pages.
How the Scam Works
Researchers report that the owner of a network of malicious sites, known by the nickname Kinohoot, has used similar schemes during previous major sporting events, including the Tokyo 2020 Summer Olympics and the Beijing Winter Olympics two years later. Over several years of monitoring, experts have identified 382 domains registered for various sports-related scams.
The scammer posts announcements for live streams on hacked pages of legitimate websites, such as university sites. The fraud itself follows a familiar pattern: on the fake site, fans are invited to participate in a drawing for free access to live streams by opening one of 12 “boxes” displayed on the screen. Users get three attempts to pick a box containing a cash prize ranging from $10 to $10,000. After two unsuccessful tries, the third attempt always results in a “win.”
Next, the “winner” is asked to pay a small “conversion fee” of 300–500 rubles (about $5–$8), requiring them to enter their bank card details. In the end, the stream never starts, and the victim loses both their money and card information.
How Scammers Avoid Detection
“To avoid having all their domains blocked at once, criminals keep only a few sites active while the rest remain dormant. These sites can be activated within minutes at any time, making it difficult to detect and block them before they go live. That’s why we recommend soccer fans stay vigilant and follow basic cybersecurity rules: don’t click suspicious links, verify websites before entering any information, and never use your bank card to pay for goods or services on unfamiliar sites,” says Gleb Martyanov, Chief Expert at CERT-GIB.
Other Fraud Schemes During the World Cup
In addition to the streaming scam, Group-IB’s Digital Risk Protection solution found over 16,000 fake resources exploiting the FIFA 2022 World Cup theme to steal fans’ data and money. Experts identified four main types of scams used during the tournament:
- Fake online stores in English and Arabic offering official team jerseys, souvenirs, or match tickets. Once victims enter their card details, the information is stolen and their money is withdrawn.
- Phishing surveys promising valuable prizes or volunteer jobs at the World Cup, which are actually traps to steal money and personal data.
To help protect soccer fans from cybercriminal attacks, Group-IB has shared the discovered fraudulent resources with Interpol and Qatar’s Computer Emergency Response Team (Q-CERT).