Researchers say multiple criminal groups have built fake FIFA websites to steal World Cup fans’ passwords, payment details, and money through bogus ticket sales. Group-IB identified four separate campaigns since August 2025, including a Chinese-speaking operation it calls GHOST STADIUM that uses more than 300 active lookalike domains and roughly 3,800 dormant ones. The phishing kit closely copies FIFA’s login flow, can trigger password-reset steps to lock victims out, and is being promoted through Facebook ads offering unrealistically cheap tickets.
Why it matters: Fans trying to buy 2026 World Cup tickets could lose their accounts, have legitimate tickets resold, or pay scammers for fake seats. Users should only type fifa.com directly into their browser, avoid ad-linked ticket offers, and treat lookalike FIFA domains as suspicious.
Arctic Wolf Labs
2026.06.09
84% relevant
This is the same underlying World Cup 2026-themed fraud and phishing ecosystem, but adds materially new details: more than 10,000 themed domains since January 2026, a mobile-first funnel through WhatsApp/Telegram/Discord, a real-time adversary-in-the-middle phishing kit that defeats one-time MFA codes, a Windows infostealer delivered via ticket lures, and targeting of host-city staff and fake FIFA career portals aimed at Google Workspace accounts.
SecurityWeek News
2026.05.29
98% relevant
This source reiterates Group-IB's findings on thousands of fraudulent FIFA-themed domains and adds detail that a Chinese-speaking group dubbed Ghost Stadium ran more than 300 domains, including a near-perfect clone of FIFA's site.
Bill Toulas
2026.05.28
95% relevant
This article covers the same underlying World Cup 2026 fraud campaign ecosystem and adds an FBI public warning, example lookalike domains, fraud types beyond ticketing, and references to Group-IB's Ghost Stadium cluster and Bitdefender observations across multiple countries and ad channels.
2026.05.28
100% relevant
This article establishes a distinct, named fraud operation and broader cluster of World Cup-themed phishing and ticket scams, with concrete infrastructure, tactics, and estimated victim impact.
← Back to all stories