FIFA websites spoofed by hackers ahead of 2026 World Cup, FBI warns

News
By published

Dozens of fake FIFA sites are out there

A man holds the FIFA World Cup in his hands.
(Image credit: Shutterstock)
  • FBI’s Internet Crime Complaint Center warned of at least 35 spoofed FIFA websites designed to steal personal and financial data from fans
  • Fraudsters mimic legitimate domains with subtle spelling or TLD changes
  • Officials advise typing FIFA’s URL directly, or avoiding sponsored search results

Hackers spoofing FIFA has gotten so bad that the FBI had to react and issue a public alert to warn people to be careful.

Earlier this week, the FBI’s Internet Crime Complaint (ICC) issued a new alert, warning about the rise in fake FIFA websites looking to steal people’s sensitive information and even money.

Cybercriminals and fraudsters have always tapped into current events in their attacks. The Olympic games, the Covid epidemic, the Russian invasion of Ukraine, and other global events, have been used as a theme in phishing attacks, and fake websites were popping up, distributing malware under the guise of “vaccine information”, or cheap tickets.

Latest Videos From

Project Glasswing is important

The World Cup is no different. Even eight years ago, TechRadar reported about tickets scams hitting fans worldwide, and back in 2022, fake World Cup streaming sites were targeting virtual fans.

This time around, the FBI says it identified at least 35 spoofed websites which, at first glance, look identical to the real thing with branding, product listing, and all other important details, being carefully placed.

“Threat actors often create spoofed websites by slightly altering characteristics of legitimate website domains, with the purpose of gathering personally identifiable information (PII) entered by a user into the site, including name, home address, phone number, email address, and banking information,” the FBI said.

“For example, spoofed website domains may feature alternate spellings of words or use an alternative top-level domain to impersonate a legitimate website. Members of the public could unknowingly visit spoofed websites while attempting to access FIFA's website.”

The FBI recommends users going to the FIFA website by typing in the address directly. Those using the search engine should avoid sponsored results since “these can be paid imitators looking to deter traffic”, and should make sure they’re visiting a site on the .com domain. Bookmarking vetted websites is also a good idea.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.