Security researchers from Group-IB identified a network of more than 66 Russian-language websites during the 2022 World Cup season that exploited fans’ enthusiasm to steal money through fake prize draws. The findings were shared with socialbites.ca via Group-IB and highlight a clever but dangerous approach used by cybercriminals to lure victims into giving up sensitive information and funds.
The pattern is straightforward and highly effective: scammers attract visitors with promises tied to the 2022 World Cup matches. Users are invited to join prize drawings for match tickets, free live streams, World Cup memorabilia, and cash rewards. The core tactic is a so‑called prize box mechanic, where users repeatedly click to reveal a prize, unknowingly stepping closer to a scam ecosystem.
According to Group-IB, a typical user experience involves three chances to choose a cash prize ranging from modest amounts to tens of thousands of dollars. In many cases, the third attempt is engineered to be successful after two failed attempts, setting up the final stage of the scam. This sequence is described by experts as a classic confidence-building scheme designed to create a sense of inevitability and reward, nudging users toward a compromised conclusion.
Criminal operators typically request a small “commission” to convert the prize into real value, asking victims to enter bank card details for a payment of 300–500 rubles. Once card data is provided, the supposed prize is never delivered—the broadcast never starts, and the user loses both funds and payment credentials. The scam relies on a carefully staged narrative and a rapid, frictionless user flow that makes the deception feel legitimate and urgent.
Group-IB notes that only a handful of these sites remain active at any given moment. The rest lie dormant in a controlled state, ready to be activated within minutes if a takedown occurs. This shifting tactic makes it difficult for authorities to identify and shut down all illicit domains before they launch a new wave of fraudulent activity, allowing the criminals to recover quickly and exploit fresh opportunities.
In total, Group-IB has traced more than 16,000 fake sources that leveraged the FIFA 2022 World Cup theme held in Qatar to harvest personal data and siphon money from football fans around the world. These campaigns are not isolated incidents but part of a broader pattern in which large sporting events become magnets for scams. The attackers rely on timely social engineering, fake announcements, and the universal appeal of football to maximize reach and impact.
Earlier reporting by socialbites.ca highlighted widespread fake job postings in Telegram as another common fraud vector observed during the same period. Taken together, these findings illustrate a recurring risk landscape during major events where cybercriminals exploit excitement and trust to collect payment details and personal information from unsuspecting users. Researchers emphasize ongoing vigilance by users, platforms, and law enforcement to disrupt such schemes and reduce harm for fans seeking to engage with live sports online. (Group-IB, as cited)