Posted on behalf of Nick Johnston, Senior Software Engineer, Symantec.cloud
As we covered extensively on the MessageLabs Intelligence blog last year, the 2010 FIFA World Cup soccer tournament in South Africa, enjoyed by millions, was also used by both 419/advance fee fraud scammers and malware authors to lure unsuspecting victims into handing over money or installing malware.
Last December we saw two scams which claimed the recipient had won a lottery supposedly connected with the 2014 World Cup, to be hosted in Brazil. We were surprised to see scams promoting an event so far in the future, so we were especially surprised to recently see a scam promoting the 2022 World Cup in Qatar. Evidently scammers are not concerned by the fact that the tournament is over ten years away, with tournaments in Brazil and Russia before it.
The scam itself is fairly normal. The mail contains very little content in the body; it simply encourages recipients to open the attached PDF document:
419 Scam: Qatar World Cup 2022 example email
The attached PDF document was created with a popular open source office suite, and claims that the recipient has won £1.5m (roughly $2.41m). The document contains a logo for the tournament as a watermark, and also contains a picture of FIFA president Sepp Blatter with Qatar Football Association president Sheikh Hamad bin Khalifa bin Ahmed al-Thani.
419 Scam: PDF Attachment relating to Qatar World Cup 2022
Like many 419 or advance fee fraud scams, the message encourages recipients to email the scammer to claim, or to phone a forwarding number, which often routes the call to the scammer abroad.
Although these messages, like most 419/advance fee fraud scams, are sent in low volumes, there are many variations, and they are a nuisance. This mail was blocked automatically for a wide variety of recipients.
It will be interesting to see how 419/advance fee fraud scams continue to take advantage of this and other high-profile events.