Fraudsters target tickets, merchandise, visas, and banking data with thousands of fake domains, prompting global warnings from every sector.
Historically, World Cup fraud has cost fans billions across recent tournaments, with scammers exploiting everything from ticketing to merchandise, and cybercriminals going after credentials and bank account takeovers.
In 2014, over 73,000 malicious attacks had been tied to the Brazil World Cup. By Qatar 2022, cybersecurity researchers were discovering 16,000 scam sites, dozens of fake ads, and 90+ compromised FIFA fan portal accounts.
Now, cybersecurity firms have identified more than 4,300 fake FIFA domains registered since August 2025, targeting fans with fraudulent tickets, counterfeit merchandise, phishing emails, fake gambling sites, and bogus immigration services.
Cybersecurity agencies cascade warnings
On 26 May 2026, the FBI’s Internet Crime Complaint Center released a public service announcement warning of threat actors spoofing FIFA websites to steal personal data, sell counterfeit tickets, and push fraudulent hospitality products, identifying domains such as fifa[.]cab, fifa[.]pink and fifa[.]city [ic3.gov:1].
Canada’s RCMP and Canadian Anti-Fraud Centre had already warned in January this year about misleading social media posts and ads falsely claiming World Cup visitors can work or settle in Canada, with agents offering “$2,220 CAD visas” promising high approval rates. The Canadian Border Services Agency has explicitly stated: “There is no special ‘FIFA visa’, and a match ticket does not guarantee entry into Canada”.
On 28 May 2026, the Pennsylvania State Police had issued alerts about counterfeit tickets, fake QR codes, bogus party packages, and fraudulent accommodations.
Coordinated precautions span multiple scam categories
The FBI advises typing fifa.com directly into browsers when searching for World Cup news, avoiding sponsored search results, using bookmarks for login sites, and reporting scams to IC3.
FIFA has recommended precautions such as buying tickets only through official channels and shopping only in official stores to prevent counterfeit items that fund organized crime.
E-commerce platforms should be attuned to the rise of merchandise stores selling fake mascot plush toys and T-shirts to harvest banking data, plus phishing emails falsely offering $500,000 grants for tickets and flights. Some reports have revealed predictions of fake streaming platforms, fraudulent betting sites collecting passport scans for identity fraud, and copycat hospitality sites.
Under pressure from previous run-ins with governments and public agencies, Meta has announced a slew of measures to increase fraud protection, including deploying pop-ups warning users of best safety practices when searching for World Cup tickets and associated products. The firm has also assigned more dedicated teams to monitor for ticketing scams, fake immigration offers, and fraudulent hostel listings.
News voices capture the expanding threat
Nuno Sebastiao, CEO, Feedzai, had told Reuters: “Large gatherings like a World Cup are a scammer’s dream… A football fan is not a high-income person… So there’s more propensity to be the victim of a scam because you really want to go.”
One security analyst even called it bluntly: “The World Cup is the greatest phishing engine ever built.” Josep Albors, Director of Research and Awareness, ESET (Spain), has noted: “Cybercriminals take advantage of global events of great media interest to exploit users’ urgency, excitement, and anxiety,” noting that the search for tickets and products linked to the championship becomes “the perfect bait to steal sensitive information.”
