Cybercriminals exploit FIFA World Cup fans with scams

Cybercriminals are leveraging the FIFA World Cup to launch a wave of scams targeting unsuspecting fans, according to research from FortiGuard Labs. The tournament, running from June 12 to July 19, has seen a surge in malicious activity, with threat actors creating hundreds of fake websites designed to mimic legitimate ones for ticketing, streaming, travel, and merchandise.

“

Cybercriminals are using the Fifa World Cup to launch scams and steal credentials, warns FortiGuard Labs, the research arm of cybersecurity firm Fortinet.

From January to May, researchers identified more than 13,000 new World Cup-themed domains, with approximately 8.8% flagged as malicious or suspicious. These domains often misuse FIFA branding and incorporate terms related to ticketing, streaming, betting, and hospitality. The scams aim to exploit fans' urgency as they search for tickets, resale options, match streams, and official merchandise, often pressuring victims with bogus limited-time discounts.

“

From January to May, more than 13,000 new World Cup-themed domains were registered. Roughly 8.8% of these domains were identified as malicious or suspicious through pattern analysis and scam activity.

FortiGuard Labs also detected over 1,700 suspected FIFA-related impersonation accounts and channels across social media and messaging platforms, with nearly 90% found on Facebook and Instagram. Beyond ticketing scams, cybercriminals are also targeting job seekers by posting fake FIFA-related job ads and sponsor recruitment opportunities. These schemes often direct victims to phishing websites, such as counterfeit Google login pages, to steal credentials.

“

Attackers capitalise on this urgency by promoting bogus limited-time discounts to pressure victims into making quick decisions.

The report further highlights evidence of FIFA-related activity within stealer log telemetry, with over 4,600 URLs associated with FIFA found in such logs. Additionally, researchers uncovered more than 260 FIFA employee credentials and over 1,000 potentially compromised credentials linked to malware or past breaches. These multifaceted attacks underscore the sophisticated methods cybercriminals are employing to capitalize on the global excitement surrounding the World Cup.

“

The World Cup also generates demand for temporary workers, contractors, hospitality staff, logistics personnel, media support and event-specific roles. This demand provides attackers with another attractive target.