Watch Out for Fake FIFA Websites Appearing Ahead of the 2026 World Cup, FBI and IC3 Warn
Published
Key Takeaways
- Advanced Spoofing Campaigns: The FBI warns that threat actors are spoofing FIFA domains ahead of the global tournament.
- Typo Squatting Tactics: Malicious actors utilize typo squatting and alternate top-level domains to harvest sensitive data.
- Defensive Mitigation Strategies: The threat intelligence advisory suggests navigating directly to verified domains to bypass deceptive sponsored search results.
Threat actors are actively spoofing Fédération Internationale de Football Association (FIFA) websites in advance of the 2026 FIFA World Cup. These fake websites are specifically engineered to collect personally identifiable information, sell fake World Cup tickets and hospitality products, and possibly facilitate other malicious activity against unsuspecting users.
Advanced Typo Squatting and Domain Spoofing
A critical threat intelligence advisory issued through the Internet Crime Complaint Center (IC3) by the Federal Bureau of Investigation (FBI) warns that threat actors use alternate misspellings, such as fiffa[.]com, or leverage alternative top-level domains to register sites like jobs-fifa[.]com to impersonate the legitimate www.fifa.com website.
The malicious football-themed domains observed so far are:
- www.fifa[.]cab
- www.fifa[.]pink
- www.fifa[.]blue
- www.fifa[.]pub
- FIFA[.]city
- Fifa[.]bio
- fifa[.]beer
- fifa[.]click
- fifa[.]cam
- fifa[.]ceo
- fifa[.]help
- filfa[.]org
- fifa-online[.]com
- https://fifa-2026[.]xyz
- jobs-fifa[.]com
- fifa-hr[.]com
- fifa-careerhub[.]com
- fifaworldcup-careers[.]com
- fifa-hiring[.]com
- fifahiring[.]com
- fifa-ticket[.]live
- fifastore.us[.]com
- fifaworldcup26[.]sale
- fifaworldcup26.xcover-staging[.]com
- worldcup2026-tickets.com[.]mx
- worldcup26ticket[.]com
- 2026fifaworldcuptickets[.]online
- fwc2026[.]net
- fwc2026.web[.]app
- www.fifa2026p[.]com
- fifa2026fworldcup[.]com
- wvvw-fifa[.]com
- ww-fifa[.]com
- fifa-com[.]com
- www.fifa-com[.]services
- quiniela-fifa-2026.pages[.]dev
The FBI has identified a rapid proliferation of these spoofing domains utilized in active fraud campaigns, and warns that more will continue to appear.
Mitigation and Incident Reporting Protocols
To defend against potential credential harvesting and financial fraud operations, the FBI advises individuals and network defenders to type fifa.com directly into the browser address bar. Other recommendations include:
- avoiding sponsored search results,
- verifying that the destination URL explicitly ends in .com,
- utilizing established bookmarks or favorites for secure access.
If a user falls victim to this cyberattack, they should immediately report the incident to IC3 at www.ic3.gov. Security incident reports must include the specific domain of the fake website, comprehensive interaction details, and relevant financial transaction information to assist ongoing law enforcement investigations.
In other recent news, Dutch police arrested a suspect in the Ajax football club data breach. In December 2025, a fake IKEA, Zalando, Dr. Martens, and Mango e-commerce campaign targeted the global retail sector, and holiday phishing scams spiked with fake Dolce & Gabbana and Pandora storefronts and cryptocurrency schemes.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular