With the FIFA World Cup set to begin on June 11, security researchers and the FBI are warning fans about a growing number of scams designed to exploit demand for tickets, live streams, merchandise, and travel services.
Researchers say thousands of FIFA-themed websites have already been created, ranging from fake ticket marketplaces and counterfeit merchandise stores to fraudulent streaming services and phishing pages designed to steal account credentials.
According to cybersecurity firm Group-IB, more than 4,300 fraudulent FIFA-related domains have been registered since August 2025. The company said a large portion of the activity is linked to a campaign it calls GHOST STADIUM, which operates more than 300 websites using the same phishing infrastructure.
Group-IB said the websites closely mimic FIFA’s official online services. Some pages reportedly replicate FIFA’s login process and use content loaded directly from FIFA’s servers, making them appear legitimate to visitors.
Researchers said the goal is often to gain access to FIFA accounts. In some cases, victims are directed to pages that request login credentials and password resets. Once attackers obtain account access, they may take control of accounts associated with purchased tickets.
The company said traffic to the fraudulent sites is being driven through Facebook advertisements, search engine results, Telegram channels, and WhatsApp messages. The sites offer multiple payment methods, including cryptocurrency. Researchers noted that FIFA’s official ticketing platform does not accept cryptocurrency payments.
Group-IB estimated that fraud involving premium and hospitality tickets could generate losses ranging from $71 million to $474 million. The company said those figures are estimates based on observed infrastructure rather than confirmed losses.
Researchers from FortiGuard Labs identified more than 13,000 World Cup-themed domains registered between January and May, with roughly 8.8% classified as suspicious or malicious. The FBI has also warned about numerous fake FIFA-related websites, including fraudulent employment pages and other lookalike domains.
Beyond ticket scams, researchers said they have identified fake betting sites, counterfeit merchandise stores, and fraudulent streaming services. Group-IB reported that some fake betting platforms collect passport scans and selfie images, potentially exposing users to identity theft.
Security firms are also warning fans about unofficial streaming applications distributed outside official app stores.
ThreatFabric said it observed a rise in malicious streaming apps around the UEFA Champions League final and expects similar activity during the World Cup. Kaspersky linked some of these apps to Android banking malware known as Massiv and Perseus.
According to researchers, the apps can request permissions that allow attackers to monitor activity on infected devices, intercept authentication codes, display fake banking login pages, and remotely control certain functions.
Social media platforms have become another major channel for fraud. Bitdefender identified more than 55 football-related advertising campaigns on Facebook and Instagram promoting fake merchandise, counterfeit collectibles, and phishing pages. Fortinet reported finding more than 1,700 accounts impersonating FIFA, with most operating on Facebook and Instagram.
Researchers also found FIFA-related credentials among data collected by credential-stealing malware, raising concerns that compromised accounts could be used in additional fraud schemes during the tournament.
Fans attending matches may also face risks when connecting to public Wi-Fi networks. A Kaspersky survey conducted in Mexico City, Monterrey, and Guadalajara found that between 10% and 12% of observed networks were open and unsecured, while nearly half had Wi-Fi Protected Setup enabled.
Meta said it has begun displaying warning messages to users searching Facebook for FIFA tickets and has worked with Visa to disrupt a network linked to fraudulent World Cup websites. The FBI is encouraging victims of online scams to submit reports through its Internet Crime Complaint Center.
Group-IB said roughly 3,800 FIFA-themed fraudulent domains remain registered but inactive, leaving additional infrastructure available for future campaigns during the tournament period.