Cybercriminals are exploiting excitement around the 2026 FIFA World Cup with fake FIFA websites designed to steal personal information, including names, home addresses and phone numbers. Both football fans and job seekers are being targeted in the campaign.
Cyber Security News reported Wednesday that the FBI has issued a warning about a growing network of fake FIFA websites being used to steal sensitive user data ahead of the 2026 FIFA World Cup.
According to the FBI, threat actors are creating convincing copies of FIFA’s official website, using misleading URLs, fake ticket portals and cloned branding to trick users into sharing personal information.
Investigators say the operation is part of a wider phishing campaign built around the global attention surrounding the tournament.
Read also: Golf fans unlikely to see Tiger Woods in the 2026 Majors
Fake World Cup pages
Authorities say attackers are relying heavily on typo, squatting, where website addresses are intentionally made to look almost identical to legitimate domains.
Many of the sites advertise fake ticket sales, hospitality packages or World Cup related job openings. Users are then prompted to submit personal details such as their full name, address, phone number and e,mail account. Some platforms also request payment information.
According to the FBI, the stolen information can later be used for identity theft, financial fraud and unauthorized account access.
Job scams expand
The campaign has also focused heavily on employment scams targeting people hoping to work during the tournament.
Read also: Clothing brand 'Gucci' makes history: First fashion brand to secure F1 title sponsorship
Investigators also identified fake ticketing websites which attempt to exploit demand for World Cup tickets by presenting themselves as legitimate sellers.
Officials expect the number of malicious domains to increase significantly as the tournament approaches, making it more difficult for users to distinguish fake websites from real ones.
How attackers operate
Cybersecurity experts say the campaign combines traditional social engineering with professional looking website design and HTTPS certificates that can falsely make pages appear trustworthy.
Threat actors are also purchasing sponsored advertisements in search engines to push fake FIFA websites higher in search results. The FBI advises users to manually enter official website addresses rather than clicking links in ads, emails or social media posts.
Read also: Analysis: Is money laundering involved in FC Barcelona?
Authorities are encouraging anyone who encounters suspicious websites or has shared information through one of the fake platforms to report the incident to the Internet Crime Complaint Center, IC3.
Read also: Manchester City target £50 million reunion with Pedro Porro
