Last updated: July 5, 2026 at 9:01 AM UTC
Tag: world-cup (1 article)

FBI warns of fake FIFA World Cup 2026 sites (fiffa[.]com, alt-TLDs) collecting payment data ahead of June 11 kickoff

The FBI has issued a public service announcement warning of hundreds of fake FIFA-themed phishing and fraud sites ahead of the 2026 World Cup running June 11 to July 19 in the US, Canada, and Mexico. Domains include fiffa[.]com and alternative TLDs (.org, .xyz, .live, .sale) plus fake employment portals like jobs-fifa[.]com and fifa-hiring[.]com. The fraudulent sites collect names, addresses, phone numbers, and banking/payment details; the data is used for fake-ticket sales, hospitality-package scams, identity theft, and fraudulent account creation. Group-IB and Bitdefender confirmed parallel malvertising via Google Search, Facebook, Telegram, and WhatsApp, with one major operation attributed to a Chinese-speaking gang.

Check
Add FIFA-themed lookalike domains (fiffa[.]com, fifa-*[.]com, fifa with alt-TLDs) to email and web filters. Brief staff that the only official site is fifa.com - any other is suspicious.
Affected
Anyone considering buying World Cup tickets or hospitality packages, or applying for FIFA-related employment, ahead of June 11. Chinese-speaking gangs and Russian-speaking operations target English, Spanish, and Portuguese speakers.
Fix
Source tickets only via fifa.com or authorized partner sites. Pay via credit card or escrow for chargeback protection. Report fake FIFA sites to FBI IC3. Apply Group-IB and Bitdefender IoCs.
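
One way to run the lookalike check from the "Check" item over hostnames pulled from proxy or DNS logs, as an added example that is not part of the FBI announcement or the original brief. The function names, the `SAMPLE` list and the one-edit threshold are assumptions made for illustration.

```python
import re

OFFICIAL = "fifa.com"  # the only official site, per the brief
BRAND = "fifa"

def refang(host):
    """Normalise a defanged, mixed-case hostname: 'Fiffa[.]com' -> 'fiffa.com'."""
    return host.strip().lower().replace("[.]", ".").rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return (verdict, reason); verdict is 'official', 'flag' or 'pass'."""
    host = refang(host)
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official", "fifa.com or one of its subdomains"
    labels = host.split(".")
    if len(labels) < 2:
        return "pass", "not a domain name"
    # Assumption: the registrable name is the second-to-last label
    # (no public-suffix list is consulted, so 'x.co.uk' style names are misread).
    name, tld = labels[-2], labels[-1]
    if name == BRAND:
        return "flag", f"brand on alternative TLD .{tld}"
    tokens = re.split(r"[-_]", name)
    if BRAND in tokens:
        return "flag", "brand as a hyphenated token"
    if any(edit_distance(t, BRAND) == 1 for t in tokens):
        return "flag", "one edit away from the brand (analyst review)"
    return "pass", "no resemblance to the brand"

def flagged(hosts):
    """Hostnames, e.g. from proxy or DNS logs, that should be reviewed or blocked."""
    return [refang(h) for h in hosts if classify(h)[0] == "flag"]

# Constructed sample: the domains named in the brief plus benign controls.
SAMPLE = ["fifa.com", "www.FIFA.com", "fiffa[.]com", "jobs-fifa[.]com",
          "fifa-hiring[.]com", "fifa.xyz", "fifa.sale", "example.org"]

if __name__ == "__main__":
    for h in SAMPLE:
        print(f"{h:22} {classify(h)}")
```

The one-edit rule also catches unrelated four- and five-letter names, so treat those hits as review candidates rather than automatic blocks.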