[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fs5gR_OCWdspyWAgDCVH4kywFYfltEH4VYq6ObgVPMvI":3},{"article":4,"iocs":55},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":34,"category":35,"article_tags":39},"2684a27a-bbe4-4917-9720-80e232f9361b","FBI warns of fake FIFA websites running World Cup fraud schemes","fbi-warns-of-fake-fifa-websites-running-world-cup-fraud-schemes-57b82c","The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and push other fraud related to the event. [...]","The FBI issued a public service announcement warning of phishing and fraud schemes targeting 2026 World Cup fans through fake FIFA websites using minor spelling variations (fiffa.com, fifa-hiring.com) and alternative TLDs. Threat actors, including a Chinese group tracked as Ghost Stadium operating 300+ cloned portals, are collecting personal and financial data, selling counterfeit tickets and merchandise, and conducting identity theft. The FBI recommends users manually type fifa.com, avoid sponsored ads, verify URLs, and report incidents to IC3.","FBI warns of hundreds of fake FIFA websites targeting World Cup fans with phishing and fraud.","FBI warns of fake FIFA websites running World Cup fraud schemes By Bill Toulas May 28, 2026 03:08 PM 0 The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and push other fraud related to the event. With the international soccer tournament set between June 11 and July 19 in the United States, Canada, and Mexico, threat actors prepared hundreds of phishing sites. According the the public service announcement from the FBI, the fake domains impersonate the official fifa.com, but rely on minor spelling changes that users are likely to miss, such as fiffa[.]com, and use alternative top-level domains (e.g., .org, .xyz, .live, .sale), along with fake employment portals like “jobs-fifa[.]com” or “fifa-hiring[.]com.” The agency notes that many of the fraudulent websites collect from visitors various types of data, including names, physical and email addresses, phone numbers, banking\u002Fpayment details, which could be used to create fraudulent accounts, commit identity theft, or run financial scams. The scale of these campaigns is also reflected in reports from cybersecurity companies Group-IB and Bitdefender, whose researchers observed World Cup-related malvertising campaigns promoted through Google Search, Facebook ads, Telegram, and WhatsApp. A major operation that Group-IB researchers attributed to a Chinese threat actor tracked as Ghost Stadium, uses more than 300 phishing sites, clones of the real FIFA portal, for premium ticket fraud. Fake tickets portalSource: Group-IB Starting in February, Bitdefender observed fraudulent activity around the World Cup brand targeting users in the UK, Portugal, Spain, Algeria, the US, Canada, Mexico, Brazil, Germany, and Australia, with fake merchandise, kits and collectibles, streaming services, and Panini sticker offers. Ad for fake merchandiseSource: Bitdefender How to protect As public interest in the World Cup surges, cybercriminals will try to take advantage through various lures, leading to fraudulent online portals designed to sell fake products or steal money and user data. Fans can steer away from these risks by following a simple set of recommendations from the FBI: Manually type fifa.com into the browser Avoid sponsored search ads or use an ad blocker Verify the URL ends in .com Using bookmarks for official FIFA sites Avoid suspicious links sent via direct messages Never enter sensitive data unless the site is verified authentic Users are encouraged to report incidents to the FBI’s Internet Crime Complaint Center (IC3) and include details such as the fake domain used, interaction history, and payment information, so the authorities can take action against the fraudulent portal. The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.This guide covers the 6 surfaces you actually need to validate. Download Now Related Articles: Android 17 to expand banking scam call and privacy protectionsTelegram Mini Apps abused for crypto scams, Android malware deliveryPolice dismantles 9 crypto scam centers, arrests 276 suspectsEuropean police dismantles €50 million crypto investment fraud ringFTC: Americans lost over $2.1 billion to social media scams in 2025","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Ffbi-warns-of-fake-fifa-websites-running-world-cup-fraud-schemes\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F05\u002F28\u002Fworldcup.jpg","2026-05-28T19:08:10+00:00","2026-05-28T20:00:13.007898+00:00",7,[18,21,24,26,28,31],{"name":19,"type":20},"Ghost Stadium","threat_actor",{"name":22,"type":23},"FBI","vendor",{"name":25,"type":23},"Group-IB",{"name":27,"type":23},"Bitdefender",{"name":29,"type":30},"2026 World Cup phishing campaign","campaign",{"name":32,"type":33},"Phishing","technology","c5c77cdb-f7d7-4990-9436-c81dcbff1163",{"id":34,"icon":36,"name":37,"slug":38},null,"Policy","policy",[40,45,50],{"category":41},{"id":42,"icon":36,"name":43,"slug":44},"2c8f44d4-b56e-47cf-9677-04f22c9ee78d","Identity & Access","identity-access",{"category":46},{"id":47,"icon":36,"name":48,"slug":49},"614132b8-5837-4952-b8b5-c6c9a32a1d85","Privacy","privacy",{"category":51},{"id":52,"icon":36,"name":53,"slug":54},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[56,60,63],{"type":57,"value":58,"context":59},"domain","fiffa.com","Phishing domain impersonating FIFA with minor spelling variation",{"type":57,"value":61,"context":62},"jobs-fifa.com","Fake FIFA employment portal collecting personal data",{"type":57,"value":64,"context":65},"fifa-hiring.com","Fake FIFA hiring\u002Femployment portal used in phishing schemes"]