FBI Warning: World Cup Scammers Are Spoofing FIFA Tickets, Job Sites
World Cup excitement is becoming useful bait for online scammers.
The FBI warned that fraudsters are creating spoofed FIFA-themed websites to trick fans, job seekers, and merchandise buyers into handing over payment details or personal information ahead of the 2026 FIFA World Cup. The fake sites use typosquatting, lookalike domains, and cloned branding to appear legitimate.
With several spoofed domains already flagged, targeting ticket and merchandise buyers as well as job seekers, the bureau warns the list is likely to grow.
The advice is simple: type the fifa.com URL yourself, skip sponsored links, and when in doubt about a site’s legitimacy, don’t enter any sensitive information on it.
Deconstructing the attack flow
Under the hood, this campaign combines social engineering, phishing, impersonation, and online fraud. In its PSA, the FBI says that threat actors use typosquatting and a close replica of FIFA’s website interface to trick visitors into believing they are interacting with the legitimate website.
When these threat actors aren’t using misspellings or typosquatting, they manipulate top-level domain extensions to get unsuspecting targets to land on their websites. Instead of the official fifa.com, users will see domains like fifa-hiring[.]com or www.fifa[.]cab.
It isn’t uncommon for attackers to use job scams in malicious campaigns like this. The bureau says the threat actors register subdomains with job-related keywords — domains like fifa-hr[.]com, jobs-fifa[.]com, fifa-hiring[.]com, and fifaworldcup-careers[.]com are among the domains highlighted by the FBI.
Aside from job offers, unsuspecting users who land on an attacker-controlled website are tricked into buying fake tickets or products that will never arrive. That’s not all. It also says that victims may have personally identifiable information (PII), such as names, email addresses, phone numbers, home addresses, and banking information, submitted on these sites.
This matters because these PII, when combined, are sufficient to launch follow-up personalized phishing attempts or, in the worst case, be sold on the dark web.
Who is behind the FIFA scam campaign?
As of the time of writing, the FBI has not disclosed any suspects in this scam. However, the agency did list 36 flagged domains that users should be wary of.
In addition, it warns that the number of spoofed websites will continue to grow, even during the FIFA World Cup.
Citing security researchers at Group-IB, BleepingComputer reported that a Chinese threat actor known as Ghost Stadium has cloned over 300 phishing websites for FIFA to commit ticket fraud ahead of the global sports competition.
According to a Bitdefender report, this campaign has been ongoing since February, targeting individuals in the UK, Portugal, Spain, Algeria, the US, Canada, Mexico, Brazil, Germany, and Australia. In its observed campaign, the cybersecurity firm notes that in addition to fake merchandise, targets are offered “streaming services, and Panini sticker offers.”
Advertisement
How to stay safe
The FBI’s advice comes down to one thing: do not trust urgency over verification.
To avoid fake FIFA ticket, merchandise, or job sites:
- Go directly to fifa.com. Type the URL into your browser instead of clicking search results or ads.
- Avoid sponsored links. Scammers can use paid search placements to appear above legitimate results.
- Check the domain carefully. Watch for misspellings, extra words, unusual endings, or lookalike URLs.
- Do not enter sensitive information on unfamiliar sites. That includes payment details, banking information, home addresses, phone numbers, and login credentials.
- Bookmark the official site. Use that bookmark for future ticket, merchandise, or job searches.
- Close the tab if something feels off. Suspicious discounts, urgent countdowns, or unfamiliar hiring portals should be treated as warning signs.
As interest in the 2026 FIFA World Cup grows, scammers are likely to keep spinning up new lookalike domains. Fans should verify every offer through FIFA’s official website before sharing money or personal information.
Also read: The FBI warned that the Silent Ransom Group is using impersonation and in-person data theft tactics against corporate targets.
About Author
