Football Fever Fuels Scam Campaigns Across Email and Social Media

Football fans are increasingly targeted by scams exploiting club loyalty, national teams, football collectibles, streaming demand, and the growing excitement around the FIFA World Cup 2026, according to Bitdefender Labs.

Our most recent investigation uncovered more than 55 football-related malvertising campaigns targeting users through fake online stores, social media ads, IPTV piracy operations, fraudulent football apps, and FIFA-themed giveaway and lottery scams distributed through email.

Key takeaways

• Researchers identified more than 55 football-related scam ad campaigns targeting fans on Meta-owned platforms. The most-targeted users were in the UK, Portugal, Spain, Algeria, the United States, Canada, Mexico, Belgium, Germany, Brazil, and Australia.
• FIFA World Cup 2026 was a major lure, but scammers also targeted club supporters, national teams, football collectors, and streaming audiences.
• Facebook and Meta platforms were heavily abused for malvertising campaigns promoting fake football merchandise and phishing pages.
• Scam campaigns targeted supporters of England, Scotland, the Tartan Army, and Hearts FC.
• Fake Panini sticker offers and football collectibles were promoted through malicious ads and fake storefronts.
• Bitdefender Antispam Lab identified multiple FIFA-themed lottery and giveaway scams delivered through email.
• Researchers uncovered coordinated IPTV piracy operations and fake football apps targeting football fans in Portugal, Algeria, and other regions.
• Several fake merchandise operations were linked to organized overseas operators using a structured advertising infrastructure.

Football fans are being targeted through social media malvertising

As excitement builds for the FIFA World Cup 2026, cybercriminals have been capitalizing on global football enthusiasm for months through a growing ecosystem of scams, fake shops, phishing campaigns, and fraudulent social media operations.

One of the clearest trends observed by researchers Alexandra Dinulica and Vlad Mihai Sireanu during their investigation was the aggressive use of malicious advertising campaigns targeting football supporters on social media platforms, particularly Facebook and Meta services.

Researchers identified scam ads promoting:

• “Official” FIFA World Cup merchandise
• England and Scotland football kits
• Hearts FC-themed clothing
• Panini sticker packs and albums
• Limited-edition football collectibles
• Football streaming services
• Fake fan gear and ticket offers

Many of the ads were designed to blend naturally into users’ feeds using realistic product photos, football imagery, countdown timers, and pressure tactics such as: “Limited stock”, “Today only”  or “Selling out fast” .

The ads redirected users to fake online stores and phishing pages designed to collect payment details or personal information.

Several suspicious domains repeatedly appeared throughout the investigation, including:

• faithoutfit[.]uk
• defwear[.]uk
• savebigwear[.]com
• teamcollections[.]com
• fanzonewear[.]com
• crestwearus[.]com

The identified scam campaigns targeted England supporters using “Three Lions” branding, Scotland national team supporters, Tartan Army fans and Hearts FC supporters.

Researcher Ionut Baltariu also observed football-themed scam ads promoting supposed FIFA World Cup 2026 Panini sticker albums and collectibles as early as February 2026. Several fake pages promoting these ads also contained noticeable branding inconsistencies and typos. In one example, a page used the name “WordCup” instead of “World Cup,” while still trying to imitate official football branding and Panini-related promotions. Other campaigns used names such as “Loja Panini,” “Ofcpanini,” and “Brasil Hexa 2026” to appear connected to legitimate football collectibles and World Cup merchandise.

The ads heavily targeted Portuguese-speaking audiences, particularly users in Brazil, and promoted alleged pre-orders for “official” FIFA World Cup 2026 sticker albums, bundles, and collector kits. Multiple versions of the same ads were seen running simultaneously across Facebook and Instagram, a common malvertising tactic to maximize reach and test engagement. We also noticed signs that some football-themed scam ads may have relied on AI-generated or heavily AI-enhanced promotional imagery. Several campaigns used unusually polished visuals, synthetic-looking product renders, and inconsistent branding elements to create advertisements for fake FIFA World Cup 2026 sticker albums and collectibles.

Chinese-operated counterfeit football merchandise campaigns

Researchers also identified multiple counterfeit football merchandise scam operations linked to organized overseas operators.

Two fake merchandise campaigns targeting UK football supporters were definitively attributed to Chinese operators after investigators discovered Simplified Chinese UTM campaign parameters embedded directly inside advertising tracking infrastructure.

Because these labels appeared directly inside advertising tracking parameters, they provide unusually strong attribution evidence linking the operations to Chinese-speaking operators running structured malvertising campaigns.

The wording also suggests organized advertising workflows involving campaign testing, bid optimization, and multi-storefront management rather than isolated scam activity.

Researchers also observed identical ad copy and similar storefront structures across multiple domains, indicating operators were running several fake shops simultaneously so they could continue operating if one website was removed or blocked.

Football kit scam campaigns targeting parents

Among the findings, one operation stood out due to its clear focus on parents shopping for children’s football kits.

The scam campaign, tied to the website malskitukpatch.com and operating under the name “PrimeFinds UK,” advertised football kits for children between 3 and 13 years old.

The website tried to look trustworthy by claiming:

• “Dispatched from UK in 24hrs”
• “Free UK shipping”
• “30-day returns”

Researchers found no evidence to support these claims. The products were likely shipped from overseas suppliers, meaning buyers may face long delivery times, poor-quality products, or difficulty obtaining refunds.

The branding itself appears designed to create a sense of legitimacy. The name “PrimeFinds UK” suggests a local UK retailer and resembles naming conventions commonly associated with trusted e-commerce platforms.

Researchers also found that the same operator promoted unrelated products through other websites, including dog car seat covers. This pattern is commonly associated with low-trust scam or dropshipping operations that quickly pivot between trending products and seasonal events.

FIFA lottery and giveaway scams targeting fans

Bitdefender Antispam Lab researcher Viorel Zavoiu identified multiple email scam campaigns impersonating FIFA World Cup 2026 organizations and promotional programs.

The emails falsely claimed recipients had won cash prizes through FIFA lotteries, online giveaways, or promotional draws connected to upcoming football events.

Some messages promised winnings of up to $2 million and instructed victims to contact so-called “claims agents” or verification offices to process their reward.

The scams impersonated entities such as:

• FIFA Legal and Compliance Division
• FIFA World Cup 2026 Local Organizing Committee
• FIFA Awards promotional programs

To appear legitimate, the emails included reference numbers, Ticket IDs, Office addresses, legal terminology and even “confidential” PIN codes.

One version instructed recipients to contact a purported claims agent in South Africa using a free Gmail address, and to request personal information such as nationality, occupation, address, and phone number.

Another variation requested passport or national identification details early in the process, suggesting potential risks of identity theft in addition to financial fraud.

These campaigns follow the structure of classic advance-fee and lottery scams, but their use of FIFA branding and World Cup references makes them more believable to football fans who are expecting promotions, giveaways, ticket draws, and tournament-related offers.

Researchers observed these scams operating alongside broader football-themed fraud, including fake merchandise stores, ticket scams, IPTV piracy services, counterfeit collectibles, and malvertising campaigns spread through social media.

Illegal IPTV and Fake Football Apps

The investigation also uncovered football-themed piracy and fake app scam campaigns targeting fans seeking match streams and football content.

In Portugal, researchers linked UniTV and Xtream IPTV through shared entities and overlapping infrastructure, suggesting a single operator managing multiple IPTV brands simultaneously.

This type of setup allows operators to continue functioning even if one service is disrupted or removed.

Researchers also identified coordinated fake football app scam campaigns connected to “Goal Rush” and “BEST APP,” which deployed dozens of fake entities across multiple operations.

Some used Cyrillic character spoofing to evade moderation systems and automated detection tools, suggesting a more advanced and coordinated operation.

How to Stay Safe

A few basic habits can significantly reduce the risk of falling victim to football/ FIFA World Cup  scams:

• Be cautious with football-related ads and promotions appearing on social media, especially those offering unrealistic discounts, fake giveaways, or “limited-time” deals.
• Avoid clicking unsolicited links related to FIFA World Cup tickets, football merchandise, streaming platforms, or Panini collectibles.
• Type official website addresses manually whenever possible instead of relying on links inside ads or emails.
• Treat countdown timers and aggressive urgency messages as warning signs rather than reasons to rush.
• Use scam detection tools such as Bitdefender Scamio and Bitdefender Link Checker to analyze suspicious messages, screenshots, websites, and redirects before interacting with them.
• Use a security solution on your desktop and mobile devices to help block phishing pages, malicious redirects, fake storefronts, and scam websites distributed through social media ads and messaging apps.

If you believe you may have already interacted with a scam:

• Contact your bank or card provider immediately if payment details were submitted
• Monitor your accounts closely for suspicious activity or follow-up phishing attempts
• Treat passport, ID, or personal information shared with suspicious websites as potentially compromised
• Keep screenshots, receipts, emails, and website addresses if purchased goods never arrive
• Report the scam to local fraud reporting or consumer protection authorities

Most importantly, verify offers through official channels whenever possible. That means using FIFA.com for tournament information and tickets, recognized retailers for football merchandise and collectibles, and official streaming providers for live matches.

Disclaimer: This report is published for informational and educational purposes only. The findings presented are based on independent research conducted by Bitdefender Labs using publicly available information and proprietary threat intelligence. The mention of specific domains, entities, brands, or trademarks does not imply any endorsement, affiliation, or official relationship. All trademarks referenced herein are the property of their respective owners. Bitdefender makes no representations or warranties regarding the accuracy or completeness of third-party information. Readers are encouraged to verify any information independently before taking action.