Global cybercrime campaign hijacks FIFA World Cup 2026 ticket sales
A sophisticated cyber‑crime operation is targeting fans seeking FIFA World Cup 2026 tickets. Researchers at CloudSEK identified at least 40 cloned ticket‑selling websites that steal payment card details and intercept one‑time passwords (OTPs) in real time, effectively bypassing two‑factor authentication. The scam infrastructure includes a rogue payment processor and a Chinese‑language backend, linking the campaign to a threat network of Chinese origin.
Fortinet’s FortiGuard Labs reported more than 13,000 FIFA‑related domains registered between January and May 2026, with roughly 8.8 % classified as malicious or suspicious. In addition to fake ticket sites, threat actors operate counterfeit merchandise stores, malicious streaming apps, fake job offers and phishing accounts, many spread through Facebook and Instagram. Victims have been primarily in the United States, but cases have been found across Europe, the Asia‑Pacific region, the Middle East and Africa.
Both firms advise fans to purchase tickets only through official FIFA channels, avoid unsolicited links on social media, and remain vigilant against urgent payment requests or offers that appear too good to be true.