More Than 4,300 Fake FIFA Domains Target Fans Ahead of the 2026 World Cup

As the FIFA World Cup 2026 in the United States, Canada, and Mexico approaches, cybersecurity experts are warning of a sharp increase in online scams targeting fans looking to purchase tickets. According to research by Group-IB, more than 4,300 fraudulent domains impersonating FIFA’s official web presence have been identified since August 2025, with many designed to steal user credentials and payment information.

Researchers say that a threat actor known as Ghost Stadium is at the center of the campaign, operating highly convincing replicas of FIFA websites to lure victims into entering their login details. The fraudulent sites often use authentic branding elements and multilingual support, making them difficult for users to distinguish from legitimate platforms.

Social media advertisements play a major role in the scheme, promoting heavily discounted tickets and creating a sense of urgency among potential buyers. Users who click on these ads are redirected to fake ticketing pages where scammers collect payment card information, personal data, or access credentials for existing FIFA accounts. In some cases, victims who already own valid tickets have their accounts compromised, allowing criminals to resell legitimate tickets for profit.

Analysts also identified several parallel fraud operations, including fake streaming services, counterfeit merchandise stores, and unauthorized betting platforms designed to harvest personal information and financial data. At the same time, thousands of compromised FIFA account credentials are reportedly being traded on dark-web marketplaces.

Group-IB estimates that financial losses related to premium-ticket fraud alone could reach hundreds of millions of dollars. Security experts therefore recommend purchasing tickets only through official channels, carefully verifying website addresses before logging in, and enabling multi-factor authentication on FIFA accounts.