4,300 Fake FIFA Sites Are Live Right Now. The World Cup Scams Have Started.

#The World Cup is coming to Chicago. So are the scammers.

The 2026 FIFA World Cup kicks off June 11. Games are being played at Soldier Field. Chicago is a host city. Everyone's excited.

You know who else is excited? The people who registered 4,300 fake FIFA domains to steal your money and personal information.

Group-IB uncovered a massive fraud ecosystem targeting World Cup fans. Four independent threat actor groups. Six different fraud schemes. And one group alone, a Chinese-speaking operation Group-IB calls "GHOST STADIUM," is running over 300 phishing domains with pixel-perfect clones of FIFA's official website.

These aren't amateur operations. They replicated FIFA's single sign-on authentication flow. They support 11 languages. They look more legitimate than some actual FIFA pages.

The FBI issued a public warning. That's how serious this is.

#What the scammers are running.

Six separate schemes, all active right now:

Fake ticket sales. You think you're buying a ticket to USA vs. England at Soldier Field. You're sending $800 to someone in Southeast Asia. The ticket doesn't exist. The "confirmation email" is fake. By the time you realize it, the money's gone and the domain is offline.

Credential phishing. You land on what looks like FIFA.com, enter your email and password to "check your ticket status." Now the attacker has your FIFA account credentials. If you reused that password anywhere else (and you probably did), they have access to those accounts too.

Counterfeit merchandise. Fake jerseys, scarves, memorabilia. You pay, you get nothing. Or worse, you get a cheap knockoff and a compromised credit card number.

Fake streaming platforms. "Watch every match FREE! Just create an account." Now they have your email, your password, and your payment info for the "premium upgrade" they upsell you on.

Fraudulent betting sites. Deposit money to bet on matches. The site keeps your deposit. There is no betting platform. There never was.

Infostealer distribution. Some sites push malware downloads disguised as "official FIFA apps" or "World Cup schedule PDFs." The download installs credential-stealing malware on your device.

#170,000 stolen FIFA credentials are already circulating.

Group-IB found over 170,000 infostealer logs containing FIFA-related credentials on dark web markets. Over 2,500 confirmed FIFA account credential pairs are being sold for $5-50 each.

If you have a FIFA account and you used the same password somewhere else, go change it right now. Seriously. Right now. I'll wait.

And yes, this is the same credential reuse problem I keep talking about. If your FIFA password is the same as your work email password, an attacker who buys your FIFA credentials for $5 just got access to your business email. For five dollars.

#Why I'm writing about this on a cybersecurity blog.

Because it's going to hit Chicago hard. We're a host city. Everyone in the metro area is going to be searching for tickets, hospitality packages, watch parties, and merchandise. The scammers know this. They're targeting host city populations specifically.

And because the social engineering techniques being used here are the exact same ones being used to target businesses:

• Typosquatting (registering domains that look like legitimate ones with small spelling changes)
• Credential phishing (pixel-perfect clone login pages)
• Urgency manipulation ("Only 3 tickets left! Buy now!")
• Trust exploitation (copying official branding, layouts, and authentication flows)

The same person who falls for a fake FIFA ticket site at home is the same person who falls for a fake Microsoft 365 login page at work. The skills are the same. The instincts are the same. Training for one protects against the other.

#How to protect yourself (and your employees).

For personal World Cup purchases:

1. Only buy tickets from FIFA.com. Type the URL directly into your browser. Don't click links from emails, texts, social media, or search ads. Scammers buy search ads to appear above the real FIFA site.

1. Never enter credentials on a site you reached through a link. If you need to log into your FIFA account, open a new tab and type fifa.com yourself.

1. Use a unique password for your FIFA account. Bitwarden is free. Generate a random password. If FIFA gets breached (or you accidentally enter it on a fake site), at least it doesn't compromise everything else.

1. Pay with a credit card, not a debit card. Credit cards have fraud protection. Debit cards drain your bank account directly. For any online purchase you're not 100% sure about, credit card only.

1. Be skeptical of deals that seem too good. If someone's selling $400 tickets for $100, there are no $400 tickets. There's a $100 donation to a criminal.

For businesses with employees in Chicago:

1. Send a security reminder about World Cup scams. Seriously. A short email: "The FBI is warning about fake FIFA websites. Don't click links for ticket deals. Don't download World Cup apps from random sites. If it seems too good to be true, it is."

1. Use this as a training opportunity. The World Cup scams use identical techniques to business email compromise. Walk your team through a fake FIFA site and show them how to spot the red flags. Same red flags apply to fake vendor invoices and spoofed login pages.

1. Monitor for credential compromise. If any employee's FIFA credentials are in those 170,000 leaked logs and they reused the password at work, you have a problem. Have I Been Pwned domain search can help.

#Further reading

• FBI World Cup Scam Warning - official federal warning
• Group-IB GHOST STADIUM Report - full investigation with fraud scheme details
• FIFA Official Ticket Site - the only legitimate source
• Have I Been Pwned - check if your credentials are compromised
• Bitwarden - free password manager, stop reusing passwords