GoKawiilThe FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and push other fraud related to the event.
With the international soccer tournament set between June 11 and July 19 in the United States, Canada, and Mexico, threat actors prepared hundreds of phishing sites.
According the the public service announcement from the FBI, the fake domains impersonate the official fifa.com, but rely on minor spelling changes that users are likely to miss, such as fiffa[.]com, and use alternative top-level domains (e.g., .org, .xyz, .live, .sale), along with fake employment portals like “jobs-fifa[.]com” or “fifa-hiring[.]com.”
The agency notes that many of the fraudulent websites collect from visitors various types of data, including names, physical and email addresses, phone numbers, banking/payment details, which could be used to create fraudulent accounts, commit identity theft, or run financial scams.
The scale of these campaigns is also reflected in reports from cybersecurity companies Group-IB and Bitdefender, whose researchers observed World Cup-related malvertising campaigns promoted through Google Search, Facebook ads, Telegram, and WhatsApp.
A major operation that Group-IB researchers attributed to a Chinese threat actor tracked as Ghost Stadium, uses more than 300 phishing sites, clones of the real FIFA portal, for premium ticket fraud.
Fake tickets portal
Source: Group-IB
Starting in February, Bitdefender observed fraudulent activity around the World Cup brand targeting users in the UK, Portugal, Spain, Algeria, the US, Canada, Mexico, Brazil, Germany, and Australia, with fake merchandise, kits and collectibles, streaming services, and Panini sticker offers.
Ad for fake merchandise
... continue reading