Fraudulent websites impersonating FIFA are exposed. Photo: ESET Press Excitement for the opening of the 2026 World Cup is already at its peak, but alongside the growing demand for tickets, accommodation packages and official merchandise, cyber experts are warning of a wave of scams targeting soccer fans around the world.
Researchers at cybersecurity firm ESET recently identified a series of fake websites impersonating FIFA and official World Cup websites. The sites ostensibly offer tickets, accommodation packages, and official merchandise, but are actually designed to steal money, credit card details, and personal information from users.
According to the company, the sites were built to resemble the official platforms as closely as possible. They include registration pages, game selection, shopping carts, and payment processes that appear completely legitimate. In some cases, web addresses that resemble the official FIFA or tournament names are used, with a slight change in the address or the use of suffixes such as "shop" and "store" to mislead users.
The company explains that many fans may reach these sites through sponsored advertisements on search engines, links on social networks, e-mail messages, or links shared in WhatsApp groups.
Beyond possible financial loss, entering personal information on these sites may expose users to attempts to hack into additional accounts, especially when the same passwords are used across multiple services.
ESET recommends purchasing tickets and packages only through official FIFA channels, typing the website address manually into the browser, carefully checking the domain name before entering details, and avoiding offers that create a sense of urgency such as "last tickets" or "limited time discount."
The researchers also recommend enabling two-step verification on important accounts and using up-to-date security solutions on computers and mobile phones.
Gil Stern, Marketing Manager at ComSecure: "Large international events are fertile ground for online fraud, because they combine high demand, time pressure, and a lot of emotion. Fans who are afraid of missing out on tickets or official products may click too quickly on a link that seems reliable, without thoroughly checking the address or the source of the offer."
He added that "the fact that a website includes a shopping cart, a payment form, and a professional design does not prove that it is legitimate. Cybercriminals know how to build very convincing user experiences."