As the FIFA World Cup is currently underway in Qatar, cyber-security researchers on Monday warned that threat actors are selling fake Hayya cards, which is essentially permit document, to fans who are willing to pay any amount to get one.

To attend the FIFA World Cup, one needs to have a Hayya card which must be presented along with the original ticket in order to enter the stadium.

According to researchers from AI-driven cyber-security firm CloudSEK, several Telegram channels were found selling Hayya cards for prices ranging from $50-$150.

“To create Hayya cards, the threat actors claim to require the buyer’s valid IDs like passports. And the payment is only accepted in Bitcoin,” they informed.

Threat actors are also sharing hacking techniques that purportedly allow one to register for a Hayya card without a valid FIFA ticket number, for free.

“Given that is an official FIFA sponsor and Binance has partnered with Christiano Ronaldo to promote soccer-themed non-fungible tokens (NFTs), threat actors are piggy-backing on this hype to sell fake ‘World Cup Coin’ and ‘World Cup Token’ by promoting them as limited edition cryptocurrency,” the researchers said.

Buy Me A Coffee

However, most of these purported coins don’t exist.

Also, to exploit the gap between the supply and demand of tickets, scammers have set up websites that sell fake tickets.

“The gap between the supply and demand of FIFA world cup game tickets, flight tickets, hotels, souvenirs, etc., has been co-opted by cyber criminals, to defraud fans and enthusiasts,” said a CloudSEK researcher.

CERT-In Finds Multiple Bugs in Google Chrome, SAP Products

Despite the attractive offers and lures, users should restrict their purchases to official websites and mobile apps.

“Companies that are FIFA sponsors should bolster their security mechanisms and stay up to date on threat actors’ tactics and techniques,” the CloudSEK researcher emphasized.

Buy FIFA tickets and Hayya cards only from the official website and don’t avail of FIFA-related services from Telegram or social media, the researchers advised.