FBI Warns Fans About FIFA Scams Ahead of 2026 World Cup

As excitement builds for the 2026 FIFA World Cup, cybercriminals are already gearing up for one of the biggest scam opportunities of the year.

The FBI has issued a warning that threat actors are creating fake FIFA websites to trick fans into handing over personal and financial information. The warning comes just days after Bitdefender Labs uncovered dozens of football-themed scam campaigns targeting fans through social media, fake online stores, phishing emails, and fraudulent streaming offers.

Key takeaways

• The FBI warns that cybercriminals are spoofing FIFA websites ahead of the 2026 World Cup.
• Fake websites are being used to steal personal information, payment details, and credentials.
• Bitdefender researchers recently identified more than 55 football-related scam campaigns targeting fans online.
• Criminals are exploiting fan enthusiasm with fake tickets, giveaways, merchandise offers, and streaming services.
• Fans should carefully verify domains and buy tickets and merchandise only from official sources.

Fake FIFA sites target World Cup fans

According to the FBI, cybercriminals are creating convincing copies of FIFA websites that mimic the organization's branding, logos, and online services. These fraudulent sites are designed to look legitimate so they can collect sensitive information from unsuspecting visitors.

“Cyber threat actors are conducting spoofing attacks against the Fédération Internationale de Football Association (FIFA) website in advance of the 2026 FIFA World Cup,” according to the FBI’s notice.

“Threat actors often create spoofed websites by slightly altering characteristics of legitimate website domains, with the purpose of gathering personally identifiable information (PII) entered by a user into the site, including name, home address, phone number, email address, and banking information,” the bureau warns.

The FBI says attackers are using domain impersonation and typo-squatting techniques—registering web addresses that closely resemble legitimate FIFA domains—to lure victims searching for World Cup information, tickets, merchandise, and promotional offers.

With the 2026 FIFA World Cup expected to attract millions of fans worldwide, security experts anticipate a jump in scams exploiting tournament-related excitement.

Bitdefender research reveals a broader football scam ecosystem

The FBI warning aligns closely with findings from a recent Bitdefender Labs investigation into football-themed cybercrime.

Our researchers uncovered more than 55 active scam campaigns targeting football fans through fake online stores, malicious advertisements on social media platforms, IPTV piracy operations, fraudulent football applications, and FIFA-themed giveaway scams.

The campaigns capitalize on predictable fan behaviors:

• Searching for discounted match tickets
• Looking for exclusive merchandise
• Entering football-related giveaways
• Seeking free or unauthorized streaming services
• Following social media promotions tied to clubs, leagues, and international tournaments

Why sporting events attract scammers

Global tournaments create a perfect environment for cybercriminals.

As major sporting events approach, attackers increasingly rely on a sense of urgency and emotional engagement to persuade victims to act before verifying an offer's legitimacy.

Fans are often willing to move quickly when tickets become available, merchandise sells out, or limited-time promotions appear online. Attackers exploit that sense of urgency by launching short-lived scam websites, purchasing targeted advertisements, and flooding social media feeds with fraudulent offers.

The combination of convincing branding, social media promotion, and high-profile sporting events can make fraudulent websites hard to distinguish from legitimate ones.

How football fans can stay safe

Whether you're looking for World Cup tickets, official merchandise, or tournament updates, a few precautions can help you stay safe:

Verify the website address

Before entering personal or payment information, carefully inspect the URL. Attackers often use subtle spelling changes or alternative domain extensions that resemble legitimate FIFA websites.

Avoid clicking links in unsolicited messages

Be cautious with links received through email, social media advertisements, messaging apps, or text messages—especially if they promise exclusive deals or limited-time offers.

Purchase from official sources

Buy tickets, merchandise, and subscriptions only through verified FIFA partners and official vendors.

Be skeptical of giveaways and discounts

If an offer looks unusually generous or requires immediate action, treat it with caution. Scammers often use fake contests and heavily discounted products to lure victims.

Use security software

A comprehensive security solution can help identify phishing sites, block malicious links, and warn users before they interact with fraudulent content. Use scam detection tools such as Bitdefender Scamio and Bitdefender Link Checker to see if you’re interacting with a scam.

You may also want to read:

Football Fever Fuels Scam Campaigns Across Email and Social Media

Football Ticket Scams Are Rising Fast, Lloyds Bank Warns

As Deepfakes Spread, YouTube Makes AI Labels Harder to Miss