Warning about fake FIFA websites before the 2026 World Cup

The World Cup starts in two weeks. Criminals are taking advantage of the opportunity and faking the FIFA website for phishing, among other things.


The FBI is warning about fake FIFA websites that cybercriminals are setting up to obtain data or money from potential victims. IT security companies have analyzed the campaign by the criminal group “Ghost Stadium”.

The FBI has issued a public service announcement about fraudulent, fake FIFA websites. They imitate the legitimate website, including its branding, product offerings, and more. Malicious actors use them to steal personal data or commit financial fraud.

The FBI has observed that perpetrators collect personal information, sell fake tickets and merchandise, and may commit other offenses. With personal data, attackers can create new accounts in the victims' names and ultimately defraud them, the FBI writes. The fake websites also imitate the legitimate URL by using typosquatting domains, such as “fiffa[.]com.” They also use thematically fitting domains like “jobs-fifa[.]com”.

The FBI already lists dozens of known fraudulent domains, too many to list here. Investigators emphasize that there will be more and that interested parties should therefore remain vigilant.
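Because the list of known domains will always be incomplete, the two naming patterns described above can also be matched by shape. The following Python sketch is an added example, not code from the FBI or Group-IB: it sorts hostnames from a proxy or DNS log into official, brand-plus-keyword, typosquat, and brand-in-subdomain. The function names, the two-label registrable-domain shortcut, and all sample hostnames other than the article's two examples are assumptions.

```python
import re

OFFICIAL = {"fifa.com", "fifa.org"}  # the two FIFA domains named in the article
BRAND = "fifa"

def refang(host):
    """Normalise a defanged or mixed-case hostname taken from a report or log."""
    return host.strip().lower().replace("[.]", ".").rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return 'official', 'brand-keyword', 'typosquat', 'brand-in-subdomain' or 'unrelated'."""
    labels = refang(host).split(".")
    # Assumption: the registrable domain is the last two labels (no public suffix list).
    if ".".join(labels[-2:]) in OFFICIAL:
        return "official"
    name = labels[-2] if len(labels) >= 2 else labels[0]
    tokens = re.split(r"[-_0-9]+", name)
    if BRAND in tokens:                       # e.g. jobs-fifa: brand plus a themed word
        return "brand-keyword"
    if any(edit_distance(t, BRAND) == 1 for t in tokens):   # e.g. fiffa
        return "typosquat"
    if BRAND in labels[:-2]:                  # brand only appears left of a foreign domain
        return "brand-in-subdomain"
    return "unrelated"

def triage(hosts):
    """Map each hostname to its verdict, dropping official and unrelated ones."""
    verdicts = {h: classify(h) for h in hosts}
    return {h: v for h, v in verdicts.items() if v not in ("official", "unrelated")}

# First two lookalikes are the article's examples; the rest are constructed samples.
SAMPLE = ["www.fifa.com", "FIFA.org.", "fiffa[.]com", "jobs-fifa[.]com",
          "fifa.com.signin.example", "heise.de"]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{verdict:20} {host}")
```

With a brand as short as four letters, an edit distance of 1 also matches unrelated names, so the output is a review queue rather than a blocklist.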

IT researchers from Group-IB have also discovered many more fraudulent websites. According to their findings, over 4300 fraudulent domains impersonating the FIFA site have appeared since August 2025. The analysts call the group behind one such campaign “Ghost Stadium”. According to the Group-IB analysis, its members speak Chinese and act for financial motives. They have created a pixel-perfect copy of the FIFA website, including single sign-on authentication, that also supports eleven languages.

More than 300 domains are running with the fraudulent infrastructure behind them. They attack FIFA's Ping Identity SSO system to intercept login credentials. Another 140 domains are considered suspicious, and 3800 are still parked, waiting to be activated. IT researchers have already found a total of 2513 FIFA account credentials for the domains fifa.com and fifa.org on the dark web. In total, Group-IB has identified four independent fraud rings and a phishing-as-a-service supply chain that sells pre-made “fraud toolkits” and also operates automated ticket-buying bots. The fraud sites are advertised via Facebook, for example. The linked analysis examines the fraudulent sites and their background in depth.

As security advice, the FBI provides the usual tips, such as visiting the FIFA website by manually entering the correct address in the browser's address bar or from bookmarks. When using search engines, results marked “sponsored” should be avoided, as fraudsters often advertise fake domains. Subdomains should only be accessed from the official FIFA website, not from third-party websites.

Following an agreement between FIFA and YouTube, the video platform will become an official partner and the preferred platform for the upcoming World Cup. c't has also compiled some tips for home public viewing of the tournament.

(dmk)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.