World Cup phishing scams spotted a year ahead of the event

The FIFA World Cup is still more than a year away, but that's not stopping cybercriminals from trying to use the hype surrounding the event to scam people.

Researchers for Kaspersky said Friday that between Aug. 15 and Oct. 15 of this year, they detected 11,000 phishing emails mainly containing scam invites to bid on contracts to supply goods or services for the World Cup. According to the researchers, this is a new tactic that's not typical of sports-related fraud.

Other emails claimed that the recipient had been chosen to take part in a giveaway. In the cases of both these and the contract scams, the recipients were asked to pay a commission to participate but received nothing in return.

Some of the other phishing emails carried malicious attachments. The researchers also found malicious files that had been downloaded from the internet. In all, Kaspersky said it spotted 625 attempts to infect users with files named after the World Cup in 2021. 

The vast majority of those involved Word documents asking users to share their personal information. Other threats included AdWare and trojans designed to collect login credentials and other data.

To avoid falling for phishing scams, Kaspersky says people should be wary of unsolicited email offers, especially those that push recipients to act quickly. If an offer looks too good to be true, it probably is. Long email addresses that contain garble can be a red flag, as can grammar and spelling errors.

In addition, legitimate companies will never contact you out of the blue and ask for personal information like credit card details or your Social Security number. 

The FIFA World Cup is set to kick off in November 2022 in Qatar.