FBI warns of fake FIFA websites running World Cup fraud schemes

News

Featured
Latest

Glassworm botnet disrupted after resilient C2 infrastructure takedown

CISA gives feds 4 days to patch actively exploited cPanel plugin flaw

Windows 11 KB5089573 update released with performance improvements

Charter confirms data breach after ShinyHunters extortion threat

FBI warns of fake FIFA websites running World Cup fraud schemes

Stop losing storage to duplicates—DupFiles is on sale for just $20

Hackers exploit FortiClient EMS flaw to push infostealer malware

New Gogs zero-day flaw lets hackers get remote code execution

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityFBI warns of fake FIFA websites running World Cup fraud schemes

FBI warns of fake FIFA websites running World Cup fraud schemes

By Bill Toulas

May 28, 2026
03:08 PM
0

The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and push other fraud related to the event.
With the international soccer tournament set between June 11 and July 19 in the United States, Canada, and Mexico, threat actors prepared hundreds of phishing sites.
According the the public service announcement from the FBI, the fake domains impersonate the official fifa.com, but rely on minor spelling changes that users are likely to miss, such as fiffa[.]com, and use alternative top-level domains (e.g., .org, .xyz, .live, .sale), along with fake employment portals like “jobs-fifa[.]com” or “fifa-hiring[.]com.”
The agency notes that many of the fraudulent websites collect from visitors various types of data, including names, physical and email addresses, phone numbers, banking/payment details, which could be used to create fraudulent accounts, commit identity theft, or run financial scams.
The scale of these campaigns is also reflected in reports from cybersecurity companies Group-IB and Bitdefender, whose researchers observed World Cup-related malvertising campaigns promoted through Google Search, Facebook ads, Telegram, and WhatsApp.
A major operation that Group-IB researchers attributed to a Chinese threat actor tracked as Ghost Stadium, uses more than 300 phishing sites, clones of the real FIFA portal, for premium ticket fraud.

Fake tickets portalSource: Group-IB
Starting in February, Bitdefender observed fraudulent activity around the World Cup brand targeting users in the UK, Portugal, Spain, Algeria, the US, Canada, Mexico, Brazil, Germany, and Australia, with fake merchandise, kits and collectibles, streaming services, and Panini sticker offers.

Ad for fake merchandiseSource: Bitdefender
How to protect
As public interest in the World Cup surges, cybercriminals will try to take advantage through various lures, leading to fraudulent online portals designed to sell fake products or steal money and user data.
Fans can steer away from these risks by following a simple set of recommendations from the FBI:
Manually type fifa.com into the browser
Avoid sponsored search ads or use an ad blocker
Verify the URL ends in .com
Using bookmarks for official FIFA sites
Avoid suspicious links sent via direct messages
Never enter sensitive data unless the site is verified authentic
Users are encouraged to report incidents to the FBI’s Internet Crime Complaint Center (IC3) and include details such as the fake domain used, interaction history, and payment information, so the authorities can take action against the fraudulent portal.

The Validation Gap: Automated Pentesting Answers One Question. You Need Six.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.This guide covers the 6 surfaces you actually need to validate.
Download Now

Related Articles:
Android 17 to expand banking scam call and privacy protectionsTelegram Mini Apps abused for crypto scams, Android malware deliveryPolice dismantles 9 crypto scam centers, arrests 276 suspectsEuropean police dismantles €50 million crypto investment fraud ringFTC: Americans lost over $2.1 billion to social media scams in 2025

FIFA
Fraud
Scam
Spoofing
Typosquatted
World Cup

Bill Toulas
Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Previous Article

Post a Comment Community Rules

You need to login in order to post a comment
Not a member yet? Register Now

You may also like:

  Upcoming Webinar

Popular Stories

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

Charter confirms data breach after ShinyHunters extortion threat

Microsoft Defender can now automatically isolate hacked endpoints

Sponsor Posts

Overdue a password health-check? Audit your Active Directory for free

Protect Your Business from Ecommerce Fraud

#1 MSP Benchmark report 2026: Insights from 1,000+ MSPs on growth, security, artificial intelligence, and key 2026 trends.

AI is a data-breach time bomb: Read the new report

  Upcoming Webinar

Follow us:

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure

Copyright @ 2003 - 2026 Bleeping Computer® LLC - All Rights Reserved

Login

Username

Password

Remember Me

Sign in anonymously

Sign in with Twitter

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

The Federal Bureau of Investigation has issued a warning concerning fake websites impersonating FIFA in anticipation of the 2026 World Cup, detailing schemes designed to steal personal and financial information, sell fraudulent tickets and hospitality packages, and execute other forms of related fraud. Threat actors prepared hundreds of phishing sites targeting the event, leveraging the international soccer tournament scheduled between June 11 and July 19 in the United States, Canada, and Mexico. These fraudulent domains mimic the official fifa.com but employ subtle discrepancies, such as minor spelling alterations like fiffa[.]com, the use of alternative top-level domains such as .org, .xyz, .live, or .sale, and the creation of deceptive employment portals like jobs-fifa[.]com or fifa-hiring[.]com. These malicious websites are designed to harvest sensitive visitor data, including names, physical and email addresses, phone numbers, and banking or payment details, with the intent of committing identity theft, creating fraudulent accounts, or perpetrating financial scams.

The scope of these criminal campaigns is evidenced by observations from cybersecurity firms Group-IB and Bitdefender, which detected World Cup-related malvertising campaigns disseminated through various platforms including Google Search, Facebook advertisements, Telegram, and WhatsApp. A significant operation, attributed by Group-IB researchers to a Chinese threat actor designated as Ghost Stadium, utilized over three hundred phishing sites that cloned the official FIFA portal to facilitate premium ticket fraud. Additionally, Bitdefender noted fraudulent activity focused on various regions, including the UK, Portugal, Spain, Algeria, the US, Canada, Mexico, Brazil, Germany, and Australia, targeting users with fake merchandise, kits, collectibles, streaming services, and Panini sticker offers.

To mitigate these escalating risks, the FBI provided specific recommendations for protection. These guidelines emphasize user vigilance, advising individuals to manually type fifa.com into their browser to ensure authenticity, to avoid sponsored search advertisements or utilize ad blockers, and to verify that the URL concludes with .com. Users are also encouraged to leverage bookmarks for official FIFA sites and must refrain from engaging with suspicious links received via direct messages. Fundamentally, the warning stresses that users should never enter sensitive data unless the website has been rigorously verified as authentic. Furthermore, the agency directs the public to report any incidents to the FBI’s Internet Crime Complaint Center (IC3), providing comprehensive details such as the fake domain utilized, the interaction history, and any payment information, to enable law enforcement to pursue necessary actions against the fraudulent portals.