Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff.
Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at least one operation that copies FIFA’s login page well enough to take over real accounts.
It is an obvious target. More than six million fans are expected across 16 cities in the United States, Canada, and Mexico, and FIFA said it received more than 150 million ticket requests in the first 15 days, leaving the tournament around 30 times oversubscribed. Tickets are scarce, fans are anxious, and money is moving fast, which is exactly what fraud needs.
One Operator, 300 Cloned FIFA Sites
The most detailed findings come from Group-IB, which tracked more than 4,300 fraudulent FIFA domains registered since August 2025. At the center is a group it calls GHOST STADIUM, a Chinese-speaking, money-driven operation running one phishing kit across more than 300 of those sites.
The fake is good. The page is a near-perfect copy of fifa.com, and it mimics FIFA’s real single sign-on login, run by PingIdentity, down to the genuine client ID copied from the live site. It loads its images straight from FIFA’s own servers, so the page looks authentic and slips past tools that flag copied images.
Here is the part that does the damage: the fake login page also asks to reset the password. Once a victim enters their details, the attacker can lock them out of their own FIFA account and resell any tickets tied to it.
Most of the traffic comes from Facebook ads, with the same tracking codes reused across the whole cluster, plus links on Telegram, WhatsApp, and in search results. The site takes payment in five different ways: straight card entry, outside payment gateways, money-transfer apps like Chime and Nequi, Mexico-only processors, and a crypto option that converts a card payment into cryptocurrency, which is much harder to get back.
That last one is a handy tell, because FIFA’s official ticketing never takes crypto, so any seller asking for it is a scam.
Group-IB puts the losses from premium and hospitality ticket fraud alone at $71 million to $474 million, and says the whole campaign could add up to billions. Those are estimates based on the infrastructure it can see, not confirmed losses.
Thousands of Domains, Many Kinds of Scams
It is not just Group-IB. FortiGuard Labs counted more than 13,000 World Cup-themed domains registered between January and May, about 8.8% of them malicious or suspicious.
The FBI advisory lists dozens of fake FIFA domains, from misspelled lookalikes to phony FIFA jobs pages, and warns more are coming. Other researchers have mapped thousands more lookalike sites and over a thousand fake social accounts.
Ticket fraud is just one piece. Group-IB also found counterfeit merchandise shops, bogus streaming sites that take a subscription fee and then install…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
