Fraudsters Register 4,300 Fake FIFA World Cup 2026 Domains to Scam Fans
Cybercriminals have registered more than 4,300 fake FIFA World Cup domains since August 1, 2025, in a coordinated effort to scam fans and exploit the growing hype for the FIFA World Cup 2026.
According to new research by Check Point Research, the domains mimic official FIFA branding, the term World Cup, and even host cities like Dallas, Miami, Toronto, and Mexico City. The fraudulent infrastructure is being used for phishing, ticket scams, counterfeit merchandise sales, and botnet attacks, posing a serious risk to fans worldwide.
Large-Scale Fraud Infrastructure Already in Place
Check Point’s analysis reveals that the domain registrations are not random. Instead, they are synchronised in waves and often share the same DNS setups. Fraudulent domains are clustered across registrars like GoDaddy, Namecheap, Dynadot, and Gname, showing signs of coordinated activity.
Some of the fake websites even reference future FIFA tournaments like 2030 and 2034. This tactic, known as domain ageing, allows scammers to let domains sit unused for years to gain credibility before launching large-scale attacks.
“What we’re seeing is infrastructure being built, at scale, to exploit global interest before the World Cup even kicks off,” said Amit Weigman, Evangelist at Check Point.
“Threat actors are not waiting for 2026; they are matching their timeline to FIFA’s.”
Ticketing Fraud in Focus
With FIFA’s ticket presale draw concluded on September 19 and purchase windows opening on October 1, fans are entering a high-risk period. Fraudsters are expected to launch phishing attacks using:
- Spoofed ticket confirmation emails
- Fake queue portals
- Fraudulent payment pages
This timing makes scams highly convincing since fans will already be expecting official FIFA communications.
Key Findings From the Report
Check Point identified several indicators of systematic fraud, including:
- 4,300+ FIFA-related domains registered in under 60 days.
- Activity spikes between August 8–12 and early September.
- Domains clustered across a few registrars for bulk automation.
- Targeted languages: English (streaming), Spanish & Portuguese (tickets/merchandise), French (Europe).
- Preferred top-level domains: .com, .shop, .store, .online, .football.
- Shared DNS setups, pointing to coordinated small groups using fraud kits.
Additionally, botnets are being trained to:
- Flood ticketing queues
- Scoop up inventory
- Exploit dynamic pricing models
On Telegram channels and dark-web markets, scammers are already advertising FIFA-themed fraud kits, counterfeit jerseys, and fake hospitality offers.
FIFA’s Official Response
Last week, FIFA President Gianni Infantino announced that more than 4.5 million fans worldwide applied for the first round of tickets for the tournament. He described the upcoming World Cup—set to be hosted across Canada, Mexico, and the United States—as “the biggest, most inclusive, and most exciting event ever.”
Final Thoughts
The FIFA World Cup 2026 is set to be the largest tournament in history, but fans must remain cautious. With thousands of fraudulent domains already in circulation, cybercriminals are exploiting the excitement to launch scams.
To stay safe, fans should only:
- Purchase tickets from FIFA’s official website
- Verify URLs before entering payment details
- Be wary of emails and offers that seem “too good to be true”
The global popularity of the World Cup makes it a prime target for scammers—but with vigilance, fans can avoid becoming victims.
