Cybercriminals Exploit 2026 FIFA World Cup With Phishing, Fake Stores, and Ticket Scams

Cybercriminals are already using the 2026 FIFA World Cup to run phishing campaigns, fake merchandise stores, spoofed FIFA websites, and ticket scams aimed at fans, sponsors, and travel-related businesses.

The tournament’s global demand gives scammers a large pool of victims looking for tickets, official merchandise, hotels, travel deals, streaming options, and event information. That urgency makes fake stores and lookalike domains more convincing.

Recorded Future’s Threats to the 2026 FIFA World Cup report says cybercriminals are exploiting World Cup branding through fake FIFA stores, purchase scams, phishing infrastructure, and spoofed FIFA and host-city domains.

Fake FIFA stores are already running paid ad campaigns

Recorded Future’s Payment Fraud Intelligence team found a network of 33 World Cup-themed purchase scam domains active in April and May 2026. These domains were linked to about 2,500 online advertisements.

The fake stores impersonated FIFA-branded merchandise outlets and used event demand to lure fans into making purchases. Victims did not receive the promised products, while their payment card data and personal information were exposed.

Some scam domains also used multiple merchant accounts. That lets criminals rotate victim-facing storefronts while keeping payment processing infrastructure active behind the scenes.

Scam type	How it works	Main risk
Fake FIFA store	Scammers create a counterfeit merchandise shop and promote it through ads.	Card theft, PII exposure, and no delivered product
Ticket scam	Attackers sell fake or invalid tickets through unofficial channels.	Lost money and invalid entry
Phishing site	Lookalike websites mimic FIFA pages to collect logins and personal data.	Account takeover and identity fraud
Search redirect scam	Compromised websites appear in search results and redirect fans to fraud pages.	Victims trust the search result and land on a scam domain
Mobile wallet fraud	Fake shops trick victims into approving card provisioning on attacker devices.	Unauthorized payments and downstream fraud

Phishing domains are growing before the tournament starts

The 2026 FIFA World Cup is hosted by Canada, Mexico, and the United States across 16 host cities. The official FIFA host cities page confirms the three host countries and the event’s host-city structure.

That large footprint gives attackers more themes to abuse. Scammers can combine FIFA branding with host-city names, national teams, stadiums, travel routes, hotel deals, parking offers, and fake support pages.

Recorded Future said Insikt Group detected 1,122 suspicious domains containing the words “World” and “Cup” since April 1, 2026. It also found more than 600 typosquat domains mimicking fifa.com and 260 registered domains combining FIFA branding with host-city names.

• Scammers are using FIFA branding to sell fake tickets and merchandise.
• Threat actors are registering typosquat domains that look similar to fifa.com.
• Compromised legitimate websites can redirect visitors to fake stores.
• AI-generated text may help criminals scale phishing, smishing, and fake support messages.
• Stolen credentials linked to individual FIFA-related accounts have already appeared on criminal marketplaces.

The FBI is warning fans about spoofed FIFA websites

The FBI has also warned fans about fake FIFA sites. In a May 27 public service announcement, the FBI’s Internet Crime Complaint Center said threat actors are spoofing FIFA websites to collect personal information, sell fake tickets and hospitality products, and possibly enable other malicious activity.

The FBI said spoofed domains may use misspellings, altered top-level domains, or fake subdomains. Examples include domains built around tickets, careers, hiring, hospitality, and World Cup branding.

The agency advised users to type fifa.com directly into the browser, avoid sponsored search results, verify that the URL ends in .com, and bookmark trusted FIFA pages instead of clicking ads or search links.

Red flag	Why it matters
Sponsored search result for tickets	Paid ads can lead to impersonation pages.
Unusual domain ending	Fake sites may use domains that look close to fifa.com but are not official.
Big discounts or urgent countdowns	Scammers use pressure to make fans act quickly.
Requests for extra personal data	Fraud pages may harvest identity details beyond payment information.
Payment outside official channels	Bank transfers, crypto, or unusual payment flows reduce the chance of recovery.

Ticket demand creates a strong opening for fraud

Ticket scams are one of the most direct threats to fans. Criminals can exploit high prices, limited availability, travel urgency, and the fear of missing out to push victims toward unofficial sellers.

FIFA’s own ticketing guidance warns that tickets bought outside FIFA.com/tickets are considered unofficial channels. FIFA says risks include fraud, scams, and invalid tickets.

The guidance also says tickets obtained through unofficial channels may be invalid and may be canceled without notice. That means a cheap resale offer on social media or a lookalike site can cost fans both their money and their match access.

Criminal forums are also targeting ticketing platforms

Recorded Future said threat actors have advertised cash-out services on criminal forums targeting major ticketing platforms, including Ticketmaster, StubHub, and SeatGeek.

These schemes can use stolen payment cards, compromised accounts, or fraudulently obtained tickets. Criminals then try to convert that access into quick resale profits before banks, platforms, or victims detect the abuse.

The same Recorded Future report warns that elevated transaction volume during the World Cup can help fraud blend into normal demand, especially across tickets, travel, hotels, and event-related services.

Indicator type	Indicator	Description
Domain	onlinefifavip-eu[.]shop	FIFA World Cup purchase scam domain promoted through Meta Ads Library
Domain	superbclicks[.]com	Compromised website used to redirect victims to scam infrastructure
Domain	jpopfreehhh[.]click	Purchase scam domain receiving redirected traffic
Domain	fifafanstorehub[.]com	FIFA-branded fake store used in a mobile wallet fraud chain

Fans should buy only through official FIFA channels

Fans should treat unsolicited ticket offers, discount links, giveaway messages, and social media ads with caution. The safest approach is to navigate directly to official FIFA pages rather than using links in emails, texts, ads, or social posts.

The official FIFA resale guidance says fans should buy tickets only through FIFA.com/tickets, the official and preferred source for FIFA World Cup 2026 tickets.

Fans should also verify merchandise stores carefully. A professional-looking website, FIFA-themed logo, or ad placement does not prove that the seller is legitimate.

• Type fifa.com or FIFA.com/tickets directly into the browser.
• Avoid sponsored search results for tickets, jobs, hospitality, and merchandise.
• Do not click ticket links in unsolicited emails, texts, or social media messages.
• Check the domain carefully before entering payment or personal information.
• Use a credit card with fraud protection when buying from official channels.
• Report suspicious FIFA-themed websites to IC3 if you believe you were targeted.

Businesses tied to the World Cup should monitor brand abuse

The risk is not limited to individual fans. Sponsors, travel companies, hospitality providers, payment processors, ticketing platforms, airlines, hotels, broadcasters, and local event partners can all be impersonated.

Organizations should monitor newly registered domains, typosquats, leaked credentials, fake social media ads, phishing pages, and suspicious merchant activity tied to their brands. They should also prepare customer support teams for fraud reports during the tournament.

The FBI warning recommends reporting fake domains, transaction details, and interaction details to IC3. That reporting can help investigators connect related fraud infrastructure.

Organization type	Priority defense
Corporate sponsors	Monitor for brand impersonation, fake ads, and lookalike domains.
Ticketing platforms	Watch for account takeovers, suspicious resale patterns, and carding activity.
Hotels and travel providers	Monitor fake booking pages, loyalty account abuse, and phishing campaigns.
Payment processors	Review merchant-account reuse and high-risk event-themed transaction patterns.
Host-city partners	Track spoofed domains combining FIFA branding with local city names.

Scams are likely to increase as match demand peaks

World Cup fraud will likely grow as fans make last-minute purchases for tickets, hotels, parking, travel, viewing events, and merchandise. Criminals often increase activity when demand rises and users have less time to verify offers.

FIFA’s official tournament page for host countries and cities shows the scale of the event, with activity across Canada, Mexico, and the United States. That scale gives scammers many ways to localize fake offers.

The safest rule for fans is simple: do not trust a World Cup offer because it looks official. Trust only the verified domain, the official ticketing path, and information reached directly from FIFA’s site.

For businesses, the window for preparation is already open. Domain monitoring, credential monitoring, phishing takedown workflows, DMARC enforcement, customer warnings, and fraud-response playbooks should be active before scam volume rises further.

FAQ