Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: fifa (2 articles)Clear

FIFA World Cup 2026 fraud wave hits fans before June 11 kickoff

With the FIFA World Cup kicking off June 11 across the US, Canada, and Mexico, the FBI and researchers at Group-IB and Fortinet warn that a large fraud operation is already running. Group-IB tracked more than 4,300 fake FIFA websites and a Chinese-speaking crew, GHOST STADIUM, that cloned the official site pixel-for-pixel, fake login and all, across 300-plus domains. Scams include bogus ticket, merchandise, and hospitality sites, fake streaming apps that hide banking malware, and betting sites that harvest passport scans for identity theft. With tickets scarce and 150 million requests filed, scammers are exploiting fans' urgency to steal logins, money, and personal data.

Check
Warn staff and remind yourself to verify any World Cup ticket, merchandise, or streaming offer, and check security logs for employee visits to lookalike FIFA domains.
Affected
Anyone buying World Cup tickets, merchandise, hospitality, or streaming access, plus job seekers; employees using work devices or accounts to shop for the tournament.
Fix
Buy only via fifa.com typed directly into the browser, avoid sponsored search results and emailed links, and block known fraudulent FIFA domains at your web gateway.

FBI warns of fake FIFA World Cup 2026 sites (fiffa.com, alt-TLDs) collecting payment data ahead of June 11 kickoff

The FBI has issued a public service announcement warning of hundreds of fake FIFA-themed phishing and fraud sites ahead of the 2026 World Cup running June 11 to July 19 in the US, Canada, and Mexico. Domains include fiffa[.]com and alternative TLDs (.org, .xyz, .live, .sale) plus fake employment portals like jobs-fifa[.]com and fifa-hiring[.]com. The fraudulent sites collect names, addresses, phone numbers, and banking/payment details; the data is used for fake-ticket sales, hospitality-package scams, identity theft, and fraudulent account creation. Group-IB and Bitdefender confirmed parallel malvertising via Google Search, Facebook, Telegram, and WhatsApp, with one major operation attributed to a Chinese-speaking gang.

Check
Add FIFA-themed lookalike domains (fiffa.com, fifa-*[.]com, fifa with alt-TLDs) to email and web filters. Brief staff that the only official site is fifa.com - any other is suspicious.
Affected
Anyone considering buying World Cup tickets, hospitality packages, or FIFA-related employment ahead of June 11. Chinese-speaking gangs and Russian-speaking operations target English, Spanish, and Portuguese speakers.
Fix
Source tickets only via fifa.com or authorized partner sites. Pay via credit card or escrow for chargeback protection. Report fake FIFA sites to FBI IC3. Apply Group-IB and Bitdefender IoCs.